Update btcd: btcd mishandles witness size checking #14845
Labels
Comments
robert-zaremba
added
T: Security
dependencies
19 tasks
|
Tendermint should be updated as well. |
|
NOTE: master was updated already. |
Right, this is why <= v0.46 has not been bumped. To completely remove the dependency is quite something, with Rosetta in <= v0.46 (next to TM). Are we even using witness size checking? We accelerated the removal of that dep in v047 and main because CI started to get pedantic. For reference: tendermint/tendermint#9783, #13513, #14123, #14118 (comment). |
|
we are using the library, so we should use the right version at least in the Cosmos SDK. |
|
Merged in #14846 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Summary
btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related products, mishandles witness size checking.
btcdshould be updated to0.23.3.In Cosmos SDK we don't use btcd directly. We only use
github.com/btcsuite/btcd/btcecwhich was extracted to it's own module only in v2.I tried to make the update, but it requires Tendermint update as well.
Version
0.46.x
Steps to Reproduce
The text was updated successfully, but these errors were encountered: