The btcd Bitcoin client (versions 0.10 to 0.24) did not correctly re-implement Bitcoin Core's 'FindAndDelete()' functionality in its own 'removeOpcodeByData()', so btcd and Bitcoin Core can disagree on whether a block is valid. This can lead to a chain split (accepting an invalid block) or Denial of Service (DoS) attacks (rejecting a valid block). An attacker can trigger this vulnerability by constructing a 'standard' Bitcoin transaction that exhibits different behaviors in 'FindAndDelete()' and 'removeOpcodeByData()'.
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2024-3189" }
{ "custom_ranges": [ { "events": [ { "introduced": "0.10.0" } ], "type": "ECOSYSTEM" } ], "imports": [ { "path": "github.com/btcsuite/btcd/txscript", "symbols": [ "Engine.Execute", "Engine.Step", "VerifyTaprootKeySpend", "baseSegwitSigVerifier.Verify", "baseSigVerifier.Verify", "baseTapscriptSigVerifier.Verify", "opcodeCheckMultiSig", "opcodeCheckSig", "opcodeCheckSigAdd", "opcodeCodeSeparator", "removeOpcodeByData", "taprootSigVerifier.Verify" ] } ] }