It was ethical to exploit the lightning bug – Bitcoin Magazine


This is an opinion editorial by Shinobi, a self-taught educator and tech-focused Bitcoin podcast host in the Bitcoin space.

For the second time in about a month, btcd/LND has had a bug exploited that caused them to deviate from Bitcoin Core in consensus. Once again, Burak was the developer who triggered the vulnerability, this time clearly on purpose, and once again it was a problem with the code for parsing Bitcoin transactions above the consensus layer. As I discussed in my article about the previous bug triggered by Burak, before Taproot there were limits on how large the script and witness data could be in a transaction. With the activation of Taproot, these restrictions were removed, leaving only the block size limit itself to constrain these parts of individual transactions. The problem with the last bug was that while the consensus code in btcd was properly upgraded to reflect this change, the code handling peer-to-peer transmission, including parsing data before sending or receiving, was not. So the code that processes blocks and transactions before they are passed on for consensus validation failed the data, never passed it to the consensus validation logic, and the block in question was never validated.
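The class of bug described above, as an added example that is not btcd's or LND's code: a pre-consensus parser that still enforces a stale per-item cap, and a differential check that flags any data the consensus bound allows but the parser drops. The limits, the 4-byte length framing and all function names are constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed limits for illustration only; not btcd's or Bitcoin Core's constants.
const staleWireMaxItem = 11_000 // per-item cap left behind in the wire parser
const blockLimit = 4_000_000    // the only bound the consensus rules still apply
var errWireLimit, errTruncated = errors.New("item over wire limit"), errors.New("truncated")

// encodeWitness uses a simplified framing (4-byte little-endian length per item).
func encodeWitness(items ...[]byte) (out []byte) {
	for _, it := range items {
		out = append(binary.LittleEndian.AppendUint32(out, uint32(len(it))), it...)
	}
	return out
}

// parseWitness is the pre-consensus parser: whatever it rejects is never
// handed to the validation logic. maxItem is the per-item cap it enforces.
func parseWitness(raw []byte, maxItem uint32) (items [][]byte, err error) {
	for len(raw) > 0 {
		if len(raw) < 4 {
			return nil, errTruncated
		}
		n := binary.LittleEndian.Uint32(raw)
		if raw = raw[4:]; n > maxItem {
			return nil, errWireLimit
		} else if int(n) > len(raw) {
			return nil, errTruncated
		}
		items, raw = append(items, raw[:n]), raw[n:]
	}
	return items, nil
}

// diverges reports well-formed data that the consensus bound allows but a
// parser capped at wireMax drops, which is the condition that splits nodes.
func diverges(raw []byte, wireMax uint32) bool {
	_, wireErr := parseWitness(raw, wireMax)
	_, consErr := parseWitness(raw, blockLimit)
	return consErr == nil && wireErr != nil
}

func main() {
	fmt.Println(diverges(encodeWitness(make([]byte, staleWireMaxItem+1)), staleWireMaxItem))
}
```

Running a check like `diverges` over boundary-sized inputs in a test suite catches a parsing layer whose limits were not updated along with the consensus rules.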




