Bitcoin Optech/
Bitcoin Optech Newsletter #411 Recap Podcast
A DoS vulnerability in LND's gossip rebroadcast logic was disclosed, allowing attackers to crash nodes by sending specifically crafted messages with zero timestamps. Additionally, Bitcoin Core is working to remove the libevent dependency to reduce security risks and maintenance burdens.
medium impactneutralBTCLND
Why It Matters
The LND vulnerability highlights the importance of state-machine fuzzing in identifying protocol-level edge cases that can lead to node crashes. The removal of libevent from Bitcoin Core reflects a broader effort to minimize external dependencies and mitigate supply chain risks in critical infrastructure.