delvingbitcoin

Disclosure: Btcd consensus bugs due to usage of signed transaction version

Original Post by 0xB10C

Posted on: January 27, 2024 00:16 UTC

A vulnerability was recently discovered and exploited on the testnet, as evidenced by block 000000002f4830471b6b346578546615c031b99da5e7fabeac119b63f1843f82, specifically by transaction 5839f20446d7b9446e82c00117ee3699fa84154e970d57f09add60deef2eaa18 in that block.

This incident occurred shortly after the issue was initially reported. A node running btcd version 0.23.4 was observed to become stuck at height 2575398 while synchronizing on the testnet, indicating a problem with this particular version. In contrast, a node running the newer btcd version 0.24.0 did not experience this issue, suggesting that the vulnerability may have been addressed in the latest release.

According to monitoring resources such as ForkMonitor, nodes operating on mainnet with btcd version 0.23.3 have not encountered similar problems. Additionally, no non-standard transactions that would exploit this vulnerability have been detected on the mainnet in the days following its discovery. This information suggests that the exploit may be isolated to the testnet environment and specific to certain versions of the btcd software. The situation underscores the importance of ongoing network monitoring and prompt updates to node software to ensure security and continuity within blockchain networks.