Responsible disclosures
Responsible disclosures were occasions when someone discovered a vulnerability in Bitcoin-related software and reported it to developers in a way that helped minimize harm.
This page lists occasions when Optech reported on a responsible disclosure and makes a best-effort attempt to cite the names of the people who made the disclosure. There are many other responsible disclosures not listed here, including those which have not been publicized yet.
Optech newsletter and website mentions
2022
- Anthony Towns disclosed a DoS and potential funds loss bug in BTCD and LND
- Bastien Teinturier disclosed an issue allowing funds loss from Core Lightning and LND
2021
- Ajmal Aboobacker and Abdul Muhaimin disclose cross-site scripting vulnerabilities in BTCPay Server
- Antoine Riard disclosed CVE-2021-31876 enhanced pinning against LN due to BIP125 discrepancy
2020
- Antoine Riard disclosed CVE-2020-26895 and CVE-2020-26896 allowing funds theft from LND
- Braydon Fuller and Javed Khan report CVE-2018-17145 DoS vulnerability to devs of full nodes
- René Pickhardt disclosed fee ransom attack affecting multiple LN implementations
- Saleem Rashid disclosed to Trezor an issue previously identified by Greg Sanders
2018
- Sergio Demian Lerner disclosed CVE-2017-12842 which allows stealing from SPV wallets
- Trezor team disclosed a bug in the C-language bech32 specification affecting multiple wallets
- Bitcoin Core developers quietly fix bug allowing invalid bitcoins after DoS report from Awemany
- Awemany disclosed CVE-2018-17144 as a DoS vulnerability in Bitcoin Core
- Cory Fields disclosed a consensus failure vulnerability in Bitcoin ABC (Bitcoin Cash)