The popular Bitcoin OpTech newsletter has created a Hall of Fame to thank developers who responsibly disclosed major vulnerabilities in Bitcoin software without exploiting them for their own benefit. The list provides more than four years of history of episodes when Bitcoin came close to the brink of failing.
Bitcoin OpTech develops open-source technologies for businesses interested in using bitcoin. It routinely issues responsible disclosures on software vulnerabilities so developers can work on them. The firm is most well-known for its newsletter, a weekly email digest that covers technical news about Bitcoin and related software.
Now, it maintains a list of some of the biggest bugs it has received reports on. Many of them were serious Bitcoin vulnerabilities that an attacker could have used to cause significant damage to important parts of Bitcoin’s infrastructure, like Bitcoin Core or the Lightning Network.
Bitcoin vulnerabilities: Block parsing bug in LND and BTCD
Bitcoin Optech Newsletter #222 reported a block parsing bug in LND and BTCD detected by Burak who goes by brqgoo. He sent a 998-of-999 Taproot tapscript multi-signature transaction that broke a parsing library used by BTCD and LND. The bug was disclosed November 9, 2022.
Taproot’s consensus rules did not limit the size of witness data sent in a transaction. Users soon reported that BTCD full node and LND Lightning Network implementations failed to forward data from recent blocks. A developer fixed the issue with a new version of BTCD’s code.
Security vulnerability detected in Lightning Network anchor outputs
Bastien Teinturier informed Lightning-Dev mailing list recipients about a security issue affecting older versions of Core Lightning with experimental features and LND.
A newer design for LN anchor outputs allowed parties to combine multiple revoked HTLC outputs into a single transaction. This design included a flaw that could allow a party who issued a revoked HTLC to steal unclaimed funds when an HTLC timelock expired.
He had previously reported it to LN implementation maintainers and recommended that users of old versions of Core Lightning install upgrades. The bug was reported in May 2021.
Cross-site scripting vulnerabilities in BTCPay Server
Ajmal Aboobacker and Abdul Muhaimin received disclosure bounties for informing BTCPay developers about three cross-site scripting vulnerabilities in BTCPay Server. BTCPay Server 1.2.3 fixed the issue. The bug was shared with the public in September 2021.
Discrepancy between BIP125 and Bitcoin Core implementations
Before that, Antoine Riard reported a possible source of conflict between BIP125 and Bitcoin Core that was divulged in May 2021. BIP125 allowed unconfirmed parent transactions that senders could replace with Replace-By-Fee to make any transactions using the parent transactions’ output replaceable through inferred inheritance.
This feature caused a conflict with Bitcoin Core, which did not allow this behavior. The conflict could make an existing LN vulnerability disclosed in Optech Newsletter #95 cheaper to exploit.
Acceptance of Non-Standard Signatures in LND
Antoine Riard disclosed a vulnerability in LND in October the same year, that caused it to accept transaction signatures that Bitcoin Core could not relay or mine by default. When the transaction failed to confirm at the Bitcoin Core level, the timelock expired, and the attacker could steal the funds.
Inventory out-of-memory Denial-of-Service attack
Back in September 2020, Braydon Fuller and Javed Khan revealed a vulnerability allowing attackers to flood bitcoin nodes with inventory (inv) messages in a variation of the Denial-of-Service attack. Each inv message contained the maximum number of transaction hashes.
When the target nodes received too many inv messages, they could run out of memory and crash. The Denial-of-Service attack could be combined with an eclipse attack to steal funds.
LN fee ransom attack
In June 2020, René Pickhardt detected a Lightning Network vulnerability where a sender could hold payments hostage by not selecting an appropriate fee rate when sending payments.
Even in the Lightning Network, attackers could drive up fee rates by sending a lot of “junk” transactions, which could make the recommended fee structure higher than the selected fee rate. Exploiting this vulnerability could force the recipient to close the channel without receiving payments or agree to settle the HTLCs offchain.
Fee overpayment attacks on multi-input segwit transactions
Greg Sanders found a vulnerability in the software commonly used to interact with hardware wallets in June 2020. Hardware wallets can provide secure storage of digital assets partly because their owners typically do not leave them connected to a computer that connects to the Internet.
However, an attacker can hack a hardware wallet owner’s computer and use it to seize control of the software. The attacker can use that to trick the hardware wallet into overpaying for transaction fees by interfering with the algorithms used to calculate the UTXO amounts.
The vulnerability only affects stateless signers like hardware wallets that do not store UTXO data and have to recalculate it every time their owners send a transaction.
Overflow bug in reference C-language bech32 implementation
Trezor disclosed a bug in the reference function for Bech32 implementations written in the C programming language in November 2018. The bug does not affect implementations written in other programming languages.
It released a patch fixing the bug. Ledger informed Trezor about a similar bug in one of Trezor’s libraries for Bitcoin Cash addresses. Trezor also created a patch to fix it.
Bitcoin Optech fixed a denial-of-service vulnerability
The Bitcoin Optech team fixed a denial-of-service vulnerability that an attacker could have used to trick miners into accepting invalid bitcoin transactions. It recommended that miners and Bitcoin services upgrade their software to include the fix or wait for at least 30 confirmations.
Awemany originally reported the issue. Bitcoin Optech issued a warning about this vulnerability on September 20, 2018. According to the technical details, the bug could have enabled the miner to set up a precise set of conditions in which a sender could spend bitcoin twice.
Cory Fields reported a consensus-breaking bug in Bitcoin Cash
Cory Fields disclosed in August the same year that he made an anonymous report of a consensus-breaking bug in Bitcoin Cash after a frustrating experience with reporting the bug to Bitcoin Cash developers.
He recommended making it easier to report vulnerabilities to digital asset projects anonymously. Neha Narula added some recommendations to project maintainers for preventing potentially catastrophic bugs.
Vulnerability in SPV proofs is publicly disclosed by accident
A vulnerability in SPV proofs makes it possible to create an SPV proof of a non-existent transaction by creating a real 64-bit transaction that tricks miners into including it in a block. Bitcoin creator Satoshi Nakamoto predicted this flaw in SPV proofs in Section 8 of the Bitcoin Whitepaper.
Developers believed that an attacker using this exploit would find it more expensive than it’s worth. To cover their bases, though, they modified the Bitcoin Core RPCs to perform additional checks that can mitigate this vulnerability.