Posts Tagged Vulnerability

A Bitcoin transaction that takes 5 hours to verify

In 2013 I found a Bitcoin transaction that takes 3 minutes to verify (CVE-2013-2292) related to O(N^2) hashing in signatures. Since then, the O(N^2) argument has popped up in many contexts, mainly in discussions about a block size increase. Now the problem is partially solved by Segwit. During January 2016 I tried to beat the […]

, ,

1 Comment

The Bitcoin Freeze on Transaction Attack (FRONT)

Two month passed since my last post and the reason is I’ve been terribly busy working for Coinspect and also helping with Bitcoin Core security. A rainy Sunday evening is a great moment to write, so here is my new post, with some new thoughts. People are trying to understand the security guarantees Bitcoin provides. […]

, ,


Buggy CVE-2013-4627 patch, open new vectors of attack

Secure coding is hard. But in Bitcoin, secure coding also means understanding every little detail of the undocumented (or code-documented) rules that Satoshi the great has brought to us mortals. CVE-2013-4627 patches a DoS vulnerability discovered by Peter Todd. The vulnerability is easy to spot once you read the code after the patch was applied. […]

, ,

Leave a comment

CVE-2012-3789 disclosure

Given that update ratio from 0.6.2 to 0.6.3+ has probably passed the 80% (*) barrier for a long time, I decided to publish the full CVE-2012-3789 vulnerability report, since that is my obligation with the community. I encourage those who are working in the Satoshi client to peer review the report. Also I suggest […]

, , , ,

Leave a comment