Bitcoin SV vulnerabilities: What were they and how were they caught?

We now have a deeper look into how the Bitcoin SV Node Implementation team found three high risk flaws in Bitcoin SV’s (BSV) code. Trail of Bits CEO Dan Guido detailed how his team approached their audit in a twitter thread, and the BSV node team gave more details about the vulnerabilities in a post to their website.

Guido notes that this may be the first time a professional auditing firm has reviewed the security of a Bitcoin client. Considering Bitcoin was born over ten years ago, it’s a good thing the BSV team decided it finally needed a more thorough analysis.

Guido explains how they found the vulnerabilities: “We developed libFuzzer and AFL drivers targeted to specific areas of high-priority attack surface and modified build scripts to support a ‘fuzzer mode.’ Fuzz testing is an automated way of providing junk code to a program to see how it reacts.

Using this method, they found the three denial of service vulnerabilities the BSV node team would go on to fix on February 11 with the release of Bitcoin SV 0.1.1. The first, as the team describes it, would allow a “malicious remote host to send an arbitrary number of p2p messages with invalid checksums, wasting the victim node’s CPU and network resources.”

The second vulnerability involved sendheader messages. Before the fix was implemented, theoretically, an attacker could flood a victim with empty messages, consuming resources, and a node would be powerless to detect the attack.

Lastly, an attacker could trick a node with falsified values, causing it to waste significant “memory and CPU time.”

None of these loopholes caused a serious threat to the Bitcoin network, but they would have opened up individual nodes and miners to potentially annoying and costly denial of service attacks, without much cost to the attacker.

As noted previously, all of these vulnerabilities have not only been fixed, but also shared with the Bitcoin Unlimited, Bitcoin XT, Bitcoin Cash (BCHABC) and Bitcoin Core (BTC) teams so they can fix them as well.

Guido ended his Twitter thread by noting two important things. His team is neutral on the question of which blockchain should be successful, and just wants to help the entire community. He also notes that the BSV Node team gave Trail of Bits total freedom to run the audit in the way that worked best, a demonstration that the audit was done with the best intentions for BSV, whatever it may have revealed.

It can’t be stated enough how important this audit was. The BSV team is dedicated to creating the most secure, professional blockchain, so that it may be used for real enterprise adoption. That can only be done when the work is taken seriously, and every flaw scrutinized so that BSV can be the best blockchain available.

https://www.youtube.com/watch?v=gBb9FSxfyVs