Blog & Publications
2026
- Fuzzamoto: Introduction
Fuzzamoto is an external fuzz testing suite for Bitcoin full nodes that uses snapshot fuzzing with VMs to run full-system simulations. This is the first part of a series of blog posts, covering motivation, design insights, and an example of a bug it found.
2024
- CVE-2024-38365: Btcd FindAndDelete bug
Btcd incorrectly implemented the FindAndDelete operation for legacy signature verification, removing any data push containing a signature rather than only exact matches. This discrepancy allowed standard transactions to cause chain splits between btcd and Bitcoin Core.
- CVE-2024-35202: Bitcoin Core blocktxn crash
A bug in Bitcoin Core's compact block handling allowed remote attackers to crash nodes by sending a malicious blocktxn message. The issue occurred because state wasn't properly cleared after collision detection, causing an assertion failure on a second FillBlock call.
- CVE-2024-34478: Btcd signed version bugs
Btcd incorrectly treated transaction versions as signed integers when validating BIP 68 and BIP 112 relative timelocks. This could cause chain splits between btcd and Bitcoin Core, putting Lightning Network users at risk of fund loss. Found via differential fuzzing.
2023
- LND channel update gossip DoS
Two denial-of-service bugs in LND's gossip handling. One exploited an unbounded buffer for premature channel updates to cause memory exhaustion. The other applied rate limits before signature validation, allowing attackers to censor valid updates through spam.
2022
- Routing Convergence in the Lightning Network
Research paper investigating gossip protocol delays in the Lightning Network. We measured actual convergence delays, found they are significantly larger than protocol specs suggest, and proposed solutions ranging from parameter tweaks to protocol redesigns.
2021
- Firefox Fetch Metadata headers
Firefox 90 added support for Fetch Metadata Request Headers, enabling servers to protect against cross-site request forgery, cross-site leaks, and Spectre attacks. Headers like Sec-Fetch-Site let servers distinguish legitimate requests from malicious ones.