Niklas Gögge
@dergoegge
Followers
926
Following
854
Media
11
Statuses
104
fuzzing around and finding out @bitcoinbrink
Joined July 2014
Remotely reachable assertion crash in Bitcoin Core <v25.0: Very happy that this is finally public, please upgrade your nodes if you haven't already!.
bitcoincore.org
Disclosure of CVE-2024-35202
6
26
71
RT @bitcoinbrink: Russell O’Connor joined us to explain his work on formal verification of software, the process of mathematically proving….
0
14
0
We're hiring fuzzing interns at Brink. Consider applying if you're interested in building out Bitcoin Core's fuzz testing, tooling and infrastructure!.
1
20
64
RT @bitcoinbrink: One year ago Marco (@macrohead7) embarked on a year long Brink fellowship in our London office. Today, after a year of pr….
0
5
0
RT @bitcoinbrink: Brink is happy to announce that Niklas Gögge (@dergoegge) joined our grant committee!. With his experience focused on Bit….
0
8
0
The following is a sketch of the triggering testcase. Quite complex, involving mempool submission and reorgs!
2
2
7
An assertion failure in the mempool sanity checks:
github.com
This is a draft implementation of the cluster mempool design described in #27677. I'm opening this as a draft PR now to share the branch I'm working on with others, so that we can ...
1
1
5
Fuzzamoto found another bug over the weekend, this time in the cluster mempool PR🪲
4
16
83
RT @0xB10C: I've persistent my notes on the May 2023 Bitcoin Core node DoS problems. These are background information for the disclosure fr….
b10c.me
In October 2024, the Bitcoin Core project disclosed a Denial-of-Service due to inv-to-send sets growing too large, which I authored, for Bitcoin Core versions before v25.0. I have a few notes and...
0
15
0
It's a remotely triggerable assertion crash in the deserialization code of minisketch (.
github.com
Erlay Project Tracking: #30249 This is a full implementation of Erlay. Its purpose is to check the integrity and correctness of the implementation against changes/additions that may originate from...
0
1
18
Fuzzamoto just found its first bug on a Bitcoin Core PR🐛
I've been exploring the use of full-system snapshot fuzzing (heavily leaning on for Bitcoin Core and just open sourced my work so far:
8
30
165
RT @Stphnvlstk: Have you, too, had enough of Core devs abusing their power to release highly reviewed software with sane defaults?. Come to….
0
21
0
RT @bitcoincoreorg: Bitcoin Core v29.0 was released!.It is available from: Release notes:
bitcoincore.org
Bitcoin Core 29.0
0
157
0
RT @bitcoinbrink: We are excited to announce that Eugene Siegel has joined Brink as an open source engineer working on fuzz testing and Bit….
0
17
0
"This new fee bumping strategy has some nice security benefits and is something other Lightning implementations should consider adopting".
morehouse.github.io
Discussion about the benefits of LND's new approach to fee bumping commitment and HTLC transactions.
0
0
2
As a PoC it includes a harness that can find CVE-2024-35202 (no refactoring within Bitcoin Core required, all testing is performed through the publicly reachable p2p port):
1
2
17
I've been exploring the use of full-system snapshot fuzzing (heavily leaning on for Bitcoin Core and just open sourced my work so far:
github.com
Holistic Fuzzing for Bitcoin Protocol Implementations - dergoegge/fuzzamoto
2
15
59