ChainCatcher news, according to Protos, Bitcoin developers recently disclosed details of a high-risk software vulnerability named CVE-2024-35202. According to senior core developers, over 13% of home and commercial computers executing Bitcoin rules globally are affected by a remote shutdown vulnerability.The vulnerability affects nodes running versions of Bitcoin Core prior to 25.0, allowing attackers to crash nodes by manipulating block transaction messages. The vulnerability originates from Core's compact block protocol, which uses shortened transaction identifiers to reduce internet bandwidth usage. Attackers can trigger conflicts in these identifiers, causing nodes to request complete blocks. While requesting complete, untruncated blocks is a security precaution, versions of the software prior to 25.0 have flaws in the logic for handling subsequent blocktxn messages.In short, nodes can be forced into an invalid state by manipulating logic gates, leading to a complete crash. Although there is no economic incentive for ordinary attackers, developers strongly recommend that node operators update to the latest version. The credit for discovering and disclosing this vulnerability goes to Niklas Gögge, and Bitcoin Core 25.0 has resolved this issue.

ChainCatcher news, according to Protos, Craig Wright seems to be representing himself in the latest lawsuit against Bitcoin Core and Jack Dorsey's payment company Square. Bitmex Research points out that the UK High Court case tracking shows that Wright recently filed a lawsuit as a "party," indicating that he may be pursuing the case without legal representation.Although the lawsuit specifically names the software used for distributing Bitcoin, Bitcoin Core, and Square Up Europe Ltd., the case tracking page does not specify the purpose of the lawsuit.Recently, Wright posted an article on X regarding the lawsuit and legal threats against MicroStrategy, but it is currently unclear whether this is related to the lawsuit.He is attempting to file three legal appeals in the UK, all of which are awaiting approval. Two of them are against the Crypto Open Patent Alliance (COPA), and one is against Peter McCormack.

ChainCatcher news, former Bitcoin Core developer Peter Todd denied being Bitcoin founder Satoshi Nakamoto on the eve of HBO's upcoming documentary about Satoshi Nakamoto. Peter Todd stated in an interview that the accusations from documentary producer Cullen Hoback are baseless.It is reported that there was a leaked video suspected to be from the HBO documentary, in which HBO believes Bitcoin Core developer Peter Todd is the Bitcoin founder Satoshi Nakamoto. However, the authenticity of the leaked video has not been officially confirmed, and there is a possibility of false information.

ChainCatcher news, according to Protos, Bitcoin Core developers have issued a new high-risk warning, stating that one in every six Bitcoin nodes has a software vulnerability. On Thursday, the staff responsible for maintaining the open-source Bitcoin Core project, which runs on over 98% of reachable full nodes, disclosed that the software running on 17% of the nodes in the network has significant security issues. Specifically, all software versions below Bitcoin Core 24.0.1 are at risk. According to monitoring estimates from Bitnodes, this denial-of-service vulnerability affects approximately 3,330 of the 19,200 self-identified user agents of accessible Bitcoin full nodes.In Bitcoin Core software prior to version 24.0.1, malicious actors could spam nodes with low-difficulty header chains. By forcing nodes to download and store extremely long header chains, the attack could crash nodes by consuming excessive bandwidth or device storage space. Developers fixed this vulnerability in Bitcoin Core pull request (PR) number 25717 and merged it into production with the release of v24.0.1 on December 12, 2022. The current version of Bitcoin Core node software (now 27.1) includes fixes for this vulnerability and others.Although this vulnerability is quite serious, there are few known cases of attacks exploiting it in public records. The cost of generating and broadcasting block header chains to execute a denial-of-service attack is relatively high, making the vulnerability of little economic benefit to attackers.

ChainCatcher news, according to official sources, the Arthur Hayes family office Maelstrom has announced that it has awarded the first grant of its Bitcoin developer program to contributor Rkrux. This funding will support Rkrux in working full-time on Bitcoin Core, with the specific amount of funding not yet disclosed.

ChainCatcher news, according to Cointelegraph, Bitcoin Core developers have launched a "Critical Bug" disclosure policy aimed at more effectively communicating about Bitcoin security vulnerabilities.In a letter sent on July 3 to members of the Bitcoin Development mailing list, Bitcoin Core developer Antoine Poinsot and five others stated: "The project has historically performed poorly in publicly disclosing security-critical vulnerabilities, whether reported externally or discovered by contributors. There is a dangerous perception that Bitcoin Core has no bugs, which is dangerous and, unfortunately, not accurate."

ChainCatcher news, according to Bitcoin.com, the Bitcoin Core Optech Newsletter #306 advises users to "upgrade to Bitcoin Core 25.0 or higher within the next two weeks, with the latest version being 27.0."Several Bitcoin Core project members discussed a new policy regarding vulnerability disclosure. If Bitcoin Core releases a new version, low-severity vulnerabilities will be disclosed approximately two weeks after the new version is released, while most other vulnerabilities will be disclosed after the affected version reaches its end of life.

ChainCatcher news, Bitcoin Core developer Peter Todd posted on platform X that Starknet's foray into Bitcoin's scaling layer is a good reason to oppose enabling OP_CAT. Starknet could bring destructive MEV shenanigans to Bitcoin, just like Ethereum, and pouring large amounts of funds into the nascent STARKS is unreliable; Eli's Zcash has repeatedly (maliciously) exploited token inflation.

ChainCatcher news, the proposal "datacarriersize: Match more datacarrying #28408" initiated by Bitcoin Core developer Luke Dashjr discussed the issue of whether to restrict inscriptions. After discussions among several Bitcoin Core developers, it was not approved, and the proposal is currently marked as closed.It is reported that Bitcoin Core developer Ava Chow summarized and closed this PR, stating that it is clear this proposal is controversial, and given the current situation, it is impossible to reach a conclusion that satisfies everyone, believing there is no need to continue the discussion.Additionally, another Bitcoin Core code maintainer, gloria, summarized this PR.Supporting Luke's viewpoint are:Stop inscriptions; they are spam;Inscriptions and embedded data can harm the network;People want this: there is user demand and specific use cases that Bitcoin Core should provide; another option is for people to write and run patches, but this may be unsafe;This is just fixing the data carrier size to work as intended;Opposing Luke's viewpoint are:This will not stop inscriptions; miners are unlikely to adopt this strategy as it is incompatible with incentives;We cannot write code to detect all embedded data;This PR changes the default mempool policy, posing potential harm to individual node operators and the network;Other opposing viewpoints include:Generally speaking, using mempool policies to block usage is ineffective;Attempting to "review" transactions based on usage is inappropriate; the free market determines the use of Bitcoin;This also changes the operation of -datacarriersize executed from underlying users.

ChainCatcher news, asset management group VanEck stated on social media that it will make a long-term investment in the Bitcoin ecosystem. At the same time, VanEck promised that if the Bitcoin spot ETF is approved, it will donate 5% of the ETF's profits to the Bitcoin Core development organization Brink, and continue for at least 10 years.

ChainCatcher news, Slow Mist founder Yu Xian stated on social media that it is quite normal for CVE numbers to be referenced by NVD, and it does not rise to the level of "seeking help from the U.S. federal government to try to review serial numbers/inscription transactions."ChainCatcher previously reported that Bitcoin Core developer Luke Dashjr posted on the X platform stating that the "inscription" exploits a vulnerability in the Bitcoin Core client and has been assigned the identifier CVE-2023-50428.

ChainCatcher news, Slow Mist founder Yu Xian expressed on social media regarding Bitcoin Core developer Luke Dashjr that the "inscription" exploiting a vulnerability in the Bitcoin Core client has been assigned the identifier CVE-2023-50428. He stated that the issue of inscription has been assigned a CVE number, which is a significant blow, clearly characterizing it as a vulnerability.CVE numbers are not a new thing; many security teams/individuals can apply for them, so it’s not taken too seriously. However, roles related to the Bitcoin ecosystem may value this, as CVE numbers are one of the most recognized proofs of vulnerabilities in the security industry.

ChainCatcher news, Bitcoin Core developer Luke Dashjr posted on platform X that the "inscriptions" exploit has been assigned the identifier CVE-2023-50428 due to a vulnerability in the Bitcoin Core client.Previously reported, Luke Dashjr indicated that inscriptions are exploiting a vulnerability in the Bitcoin Core client to send spam to the blockchain. Since 2013, Bitcoin Core has allowed users to set an additional data size limit ('-datacarriersize') when forwarding or mining transactions. Inscriptions bypassed this limit by disguising their data as program code.

ChainCatcher news, Bitcoin Core developer Luke Dashjr posted on social media, "The discussion about OP_RETURN is not new; it dates back to 2014 when Bitcoin Core 0.9.0 was released, which included the OP_RETURN policy aimed at preventing more severe forms of spam. At that time, the default maximum data carrier size limit implemented by all nodes was 40 bytes; this has always been and remains sufficiently large for binding data to transactions (32 bytes for a hash, 8 bytes for a unique identifier). The subsequent increase of the default value to 80 bytes was a completely voluntary decision and in no way contradicts the design goal of OP_RETURN to create provably prunable outputs to minimize the damage caused by data storage schemes, which have always been considered abusive. There are also other good technical reasons why I choose to retain the lower default value of Bitcoin Knot, and there is no reason to increase it."Luke Dashjr stated that he and the OCEAN team have no intention of filtering coinjoin transactions. These provide an innovative tool for enhancing Bitcoin privacy, and when constructed correctly, coinjoins can easily stay within the OP_RETURN limit (in fact, they have no reason to have any OP_RETURN data at all). He has some personal ideas on how to mitigate the recent issues, namely that some coinjoin transactions were flagged as spam by Knots v25, and he is willing to leverage all his and his team's resources to sincerely collaborate on developing solutions.

ChainCatcher message, Bitcoin Core developer Luke Dashjr responded on social media to a user's claim that "the Bitcoin protocol Stamp will not be pruned," stating that this is just another scam.

ChainCatcher news, Bitcoin Core developer Luke Dashjr stated on social media that Ordinals is just a scam.

ChainCatcher news, Bitcoin Core early developer Luke Dashjr posted on platform x: "We don't have to eliminate all inscriptions to benefit Bitcoin."According to OKX market data, ORDI has rebounded by about 19% in 1 hour, currently priced at 50 dollars.