delvingbitcoin
CVE-2024-38365 public disclosure (btcd `FindAndDelete` bug)
Posted on: October 11, 2024 19:13 UTC
The email discusses a specific bug related to Bitcoin's script execution, particularly how consensus nodes handle scriptCode
that includes both ECDSA signatures and "noise" dummy data.
The critical aspect of this issue is the malleability of the ECDSA signature length, which can cause discrepancies in how data is handled by different versions of Bitcoin nodes. Specifically, nodes that have not been upgraded to version 0.24.2 (referred to as pre-0.24.2 btcd peers) have a behavior where they remove the entire data push containing what are actually valid consensus signatures before these signatures have been verified by the script interpreter. In contrast, updated bitcoind peers can accept these valid signatures without issue.
The concern raised about the necessity of public key recovery for exploiting this difference to potentially cause a chain fork is addressed by suggesting that there might be alternative methods within Bitcoin's scripting language to achieve similar outcomes. The email points out that opcodes such as OP_PICK, OP_ROLL, and other stack inspection operations could be employed within the scriptCode
to manipulate or inspect the stack in ways that might circumvent the need for public key recovery. This suggests a deeper level of complexity and potential vulnerability in script handling that goes beyond just the handling of signature lengths and dummy data.
Overall, the communication highlights a nuanced understanding of Bitcoin's script execution mechanism and points towards sophisticated aspects of script manipulation that could impact consensus and network integrity, especially concerning how different node versions process and validate transaction scripts.