delvingbitcoin

CVE-2024-38365 public disclosure (btcd `FindAndDelete` bug)

Original post by AntoineP

Posted on: October 15, 2024 08:57 UTC

The post looks at how OP_CODESEPARATOR is used in Bitcoin's scripting mechanisms, in relation to Segregated Witness (SegWit) transactions.

The discussion highlights that a signature does not necessarily need to commit to the scriptCode. This matters because, by using OP_CODESEPARATOR, a user can take the signature out of the scriptCode. Doing so avoids the potential vulnerabilities associated with the FindAndDelete function: once OP_CODESEPARATOR has separated the signature from the scriptCode, the script is immune to the FindAndDelete discrepancy, because there is no signature within the scriptCode for FindAndDelete to locate and manipulate. In this way the design of Bitcoin's scripting language provides a layer of protection against certain types of exploits and helps preserve transaction integrity.
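The mechanism described above, as an added Go sketch (not code from the post, btcd or Bitcoin Core): the scriptCode starts after the last executed OP_CODESEPARATOR, so a signature push placed before the separator is absent from the bytes FindAndDelete scans. The names `opLen`, `ScriptCode` and `FindAndDelete` are this example's own, the signature and key are constructed placeholder bytes, and the sketch assumes direct pushes only and no conditionals.

```go
package main

import (
	"bytes"
	"fmt"
)

const opCodeSeparator, opCheckSig = 0xab, 0xac

// opLen is the encoded size of the opcode at script[i]; only direct pushes (0x01..0x4b) carry data here.
func opLen(script []byte, i int) int {
	if op := int(script[i]); op <= 0x4b && i+op < len(script) {
		return 1 + op
	}
	return 1
}

// ScriptCode returns the script after its last OP_CODESEPARATOR (assumption: no conditionals, all executed).
func ScriptCode(script []byte) []byte {
	start := 0
	for i := 0; i < len(script); i += opLen(script, i) {
		if script[i] == opCodeSeparator {
			start = i + 1
		}
	}
	return script[start:]
}

// FindAndDelete drops each opcode-aligned, exact occurrence of pattern.
func FindAndDelete(script, pattern []byte) (out []byte) {
	for i := 0; i < len(script); {
		n := opLen(script, i)
		if len(pattern) > 0 && bytes.HasPrefix(script[i:], pattern) {
			n = len(pattern) // skip the match instead of copying it
		} else {
			out = append(out, script[i:i+n]...)
		}
		i += n
	}
	return out
}

func main() {
	// Constructed placeholders: length-prefixed pushes, not a real signature or key.
	sig, pub := []byte("\x08SIG-DEMO"), []byte("\x0bPUBKEY-DEMO")
	for _, sep := range [][]byte{nil, {opCodeSeparator}} {
		code := ScriptCode(bytes.Join([][]byte{sig, sep, pub, {opCheckSig}}, nil))
		fmt.Printf("scriptCode=%x afterFindAndDelete=%x\n", code, FindAndDelete(code, sig))
	}
}
```

Without the separator the scriptCode changes when FindAndDelete runs; with it, the scriptCode is already free of the signature push and comes back unchanged.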