Taking advantage of the lightning bug was ethical – Bitcoin Magazine

This is an opinion editorial by Shinobi, a self-taught educator in the Bitcoin space and technology-oriented Bitcoin podcast host.

For the second time in about a month, btcd / LND exploited a bug that led them to deviate from Bitcoin Core in consensus. Once again, Burak was the developer who triggered this vulnerability – this time it was clearly intentional – and again it was a problem with the code for analyzing Bitcoin transactions above the consensus level. As I discussed in my piece on the previous bug triggered by Burak, prior to Taproot there were limits on how large the script and witness data could be in a transaction. With the activation of Taproot, these limits have been removed leaving only the limitations on the size of the block itself to limit these parts of the individual transactions. The problem with the latest bug was that although the consent code in btcd had been correctly updated to reflect this change, the code that handled peer-to-peer transmission, including parsing the data before submission or during receiving, was not updated correctly. So blocks and code processing transactions before they were actually passed to be validated for consent failed data, never passed it to consent validation logic, and the block in question was never validated.

.

Leave a Reply

%d bloggers like this: