Combined summary - Disclosure: Btcd consensus bugs due to usage of signed transaction version

Combined summary - Disclosure: Btcd consensus bugs due to usage of signed transaction version

The recent exploration in cryptocurrency security brought to light a critical vulnerability within the btcd software, which is an alternative Bitcoin node implementation.

A discrepancy was found in how btcd handled transaction version numbers, treating them as signed 32-bit integers rather than unsigned, as mandated by the consensus rules of BIP 68 and BIP 112. This error could potentially allow transactions with negative version numbers to circumvent relative time lock rules or be incorrectly rejected when using OP_CHECKSEQUENCEVERIFY. Such a flaw exposes the network to dangers including possible chain splits, lightning nodes losing funds, miners mining invalid chains, and attackers confirming invalid payments.

The significance of this discovery was marked by a bug bounty reward of 0.023 BTC from the btcd project, acknowledging the importance of collaborative efforts and innovative techniques in software security. The use of differential fuzzing, which was instrumental in identifying this issue, underscores the technique's effectiveness. Differential fuzzing involves generating random inputs to stress test software, comparing outputs across different implementations to pinpoint inconsistencies and vulnerabilities. This method is particularly beneficial for ensuring the precision and reliability of cryptographic currencies and their technologies.

In the realm of software development and testing for Bitcoin, contributions continue to emerge. A Pull Request has been made to the Bitcoin Core repository proposing a static test vector to check specific logic within the software. These test vectors are essential for verifying that code functions correctly under assorted scenarios. Additionally, a patch has been suggested for the bitcoin-s repository, further indicating proactive efforts to identify and resolve issues within the Bitcoin-S library.

This incident has also sparked discussions about the open-source status of the fuzzing harness used to discover the bug. Open-source software plays a crucial role in fostering transparency and collective advancement through the sharing of resources and knowledge. The anticipation of a detailed publication on how the bug was identified and the associated code will likely contribute significantly to the programming and security research communities. It will offer insights into differential fuzzing techniques and encourage further research and collaboration.

Lastly, developers and users of btcd are strongly advised to upgrade to version v0.24.0 or later to rectify the risks associated with the discovered vulnerability. The issue was responsibly disclosed and has since been resolved, with the updated release rolled out on December 31, 2023. The case exemplifies the ongoing need for security-focused research and development within the Bitcoin ecosystem, with organizations like Brink at the helm, promoting these endeavors. Contributions to support such initiatives are welcome and vital for the continued robustness of the network.

Discussion History

dergoegge Original Post
January 22, 2024 14:56 UTC
January 22, 2024 14:59 UTC
January 22, 2024 22:26 UTC
January 22, 2024 23:04 UTC
January 27, 2024 00:16 UTC