Responsible disclosures
Responsible disclosures were occasions when someone discovered a vulnerability in Bitcoin-related software and reported it to developers, affected users, and the public in a way that helped minimize harm.
This page lists occasions when Optech reported on a responsible disclosure and makes a best-effort attempt to cite the names of the people who made the disclosure. There are many other responsible disclosures not listed here, including those which have not been publicized yet.
Optech newsletter and website mentions
2024
- David Jaenson and Braydon Fuller independently disclose headers DoS attack against Bitcoin Core
- Lloyd Fournier, Nick Farrow, and Robin Linus disclosed Dark Skippy fast seed exfiltration attack
- Peter Todd responsibly disclosed a free relay attack exploiting RBF policy differences
- Matt Morehouse responsibly disclosed vulnerability affecting LND onion packet parsing
- Eugene Siegel responsibly disclosed a Bitcoin Core block stalling bug affecting LN
- Niklas Gögge responsibly disclosed a consensus bug affecting btcd
- Matt Morehouse responsibly disclosed vulnerability affecting Core Lightning
- Niklas Gögge responsibly disclosed two vulnerabilities affecting LND
2023
- Antoine Riard responsibly discloses replacement cycle attacks affecting all HTLC-using software
- Matt Morehouse disclosed fake channels vulnerability against four major LN node implementations
- Milk Sad team disclosed CVE-2023-39910 insecure entropy in Libbitcoin `bx` command
2022
- Anthony Towns disclosed a DoS and potential funds loss bug in BTCD and LND
- Bastien Teinturier disclosed issue allowing funds loss from Core Lightning and LND
2021
- Ajmal Aboobacker and Abdul Muhaimin disclose cross-site scripting vulnerabilities in BTCPay Server
- Eugene Siegel responsibly disclosed a remote crash vulnerability in Bitcoin Core
- Antoine Riard disclosed CVE-2021-31876 enhanced pinning against LN due to BIP125 discrepancy
2020
- Antoine Riard disclosed CVE-2020-26895 and CVE-2020-26896 allowing funds theft from LND
- Michael Ford disclosed a Bitcoin Core vulnerability based on a discovery by Ronald Huveneers
- Practicalswift responsibly disclosed a netsplit vulnerability in Bitcoin Core
- Braydon Fuller and Javed Khan report CVE-2018-17145 DoS vulnerability to devs of full nodes
- René Pickhardt disclosed fee ransom attack affecting multiple LN implementations
- Saleem Rashid disclosed to Trezor an issue previously identified by Greg Sanders
- John Newbery responsibly disclosed memory DoS vulnerability in Bitcoin Core
- John Newbery responsibly disclosed CPU-wasting DoS in Bitcoin Core
- John Newbery responsibly disclosed tx censorship vulnerability co-discovered by Amiti Uttarwar
2019
- Michael Ford responsibly disclosed a BIP70-related vulnerability in Bitcoin Core
- Sec.eine responsibly disclosed a node stalling vulnerability in Bitcoin Core
- Suhas Daftuar disclosed a bug that could temporarily exclude a Bitcoin Core node from consensus
2018
- Sergio Demian Lerner disclosed CVE-2017-12842 which allows stealing from SPV wallets
- Trezor team disclosed a bug in the C-language bech32 specification affecting multiple wallets
- Bitcoin Core developers quietly fix bug allowing invalid bitcoins after DoS report from Awemany
- Awemany disclosed CVE-2018-17144 as a DoS vulnerability in Bitcoin Core
- Cory Fields disclosed a consensus failure vulnerability in Bitcoin ABC (Bitcoin Cash)
2017
2015
- Wladimir Van Der Laan responsibly disclosed vulnerability affecting miniupnpc, used by Bitcoin Core
- Evil-Knievel responsibly disclosed vulnerability that could be used to crash Bitcoin Core