CVE-2024-38365: Btcd Bug Could Have Led to Bitcoin Network Fork
A critical vulnerability in btcd, a popular alternative implementation of the Bitcoin protocol, could have allowed malicious actors to create a hard fork of the Bitcoin blockchain at minimal cost.
The vulnerability, tracked as CVE-2024-38365 and assigned a CVSS score of 7.4, stems from an error in how btcd verifies signatures for legacy Bitcoin transactions. This flaw, introduced in 2014, deviates from the consensus rules defined in the original Bitcoin codebase, potentially allowing for the creation of valid transactions that would be rejected by vulnerable btcd nodes.
The issue lies in btcd’s implementation of the removeOpcodeByData function, which is responsible for reconstructing the signed message during signature verification. Unlike the FindAndDelete function in Bitcoin Core, which only removes exact matches of the signature from the script, removeOpcodeByData removes any data push that contains the signature, even when that push also carries additional padding data.
This discrepancy allows attackers to craft special scripts that exploit this behavior. By embedding a signature within a data push alongside extra data, they can create transactions that appear valid to Bitcoin Core nodes but are rejected by vulnerable btcd nodes.
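The difference between the two matching rules can be checked with a small differential test. The following is an added example, not code from btcd or Bitcoin Core: removePushes, push and sampleScript are hypothetical helpers, the 4-byte "signature" and the script are constructed, and the parser is a simplified model that handles only direct pushes (opcodes 0x01 to 0x4b) and single-byte opcodes.

```go
package main

import (
	"bytes"
	"fmt"
)

// removePushes walks a script of direct pushes (0x01..0x4b) and single-byte
// opcodes and drops every push whose data satisfies match. Simplified model:
// OP_PUSHDATA1/2/4 are not parsed; a truncated push is copied through as-is.
func removePushes(script, sig []byte, match func(data, sig []byte) bool) []byte {
	out := []byte{}
	for i := 0; i < len(script); {
		op := script[i]
		end := i + 1
		if op >= 0x01 && op <= 0x4b {
			end += int(op)
		}
		if end > len(script) {
			return append(out, script[i:]...)
		}
		if end > i+1 && match(script[i+1:end], sig) {
			i = end // push matched: leave it out of the signed script
			continue
		}
		out = append(out, script[i:end]...)
		i = end
	}
	return out
}

// push serialises data as a direct push (len(data) must be 1..75).
func push(data []byte) []byte {
	return append([]byte{byte(len(data))}, data...)
}

// sampleScript builds a constructed script: <sig> <sig||pad> OP_CHECKSIG.
func sampleScript(sig []byte) []byte {
	padded := append(append([]byte{}, sig...), 0x00, 0x00)
	s := append(push(sig), push(padded)...)
	return append(s, 0xac) // 0xac = OP_CHECKSIG
}

func main() {
	sig := []byte{0xde, 0xad, 0xbe, 0xef} // constructed stand-in for a signature
	script := sampleScript(sig)
	fmt.Printf("exact match:    %x\n", removePushes(script, sig, bytes.Equal))
	fmt.Printf("contains match: %x\n", removePushes(script, sig, bytes.Contains))
}
```

With exact matching the padded push stays in the script, while substring matching strips it too, so the two rules hash different bytes for the same input. A node operator or reviewer can use this kind of side-by-side check as a regression test when comparing consensus code across implementations.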
The impact of this vulnerability is significant, as attackers could use it to force vulnerable btcd nodes into a forked chain, leading to network instability and transaction processing issues.
“An attacker can create a standard transaction where FindAndDelete doesn’t return a match but removeOpCodeByData does making btcd get a different sighash, leading to a chain split. Importantly, this vulnerability can be exploited remotely by any Bitcoin user and does not require any hash power,” reads the security advisory.
The CVE-2024-38365 vulnerability was discovered and reported by researchers Niklas and Antoine. The btcd development team has addressed the issue in version 0.24.2. All users are strongly encouraged to update their btcd nodes to the latest version to prevent potential exploitation.