Bitcoin Optech Newsletter #405

Bitcoin Optech Newsletter #405 highlights the responsible disclosure and fix of a significant vulnerability, CVE-2024-52911, affecting Bitcoin Core versions from 0.14.0 up to 28.x. This use-after-free bug, occurring during parallel script validation, could allow an attacker with sufficient proof-of-work to crash Bitcoin Core nodes using specially-crafted invalid blocks. While remote code execution was theoretically possible, its practical execution was deemed unlikely. Discovered and responsibly disclosed by Cory Fields, the issue was successfully patched in Bitcoin Core 29.0. Additionally, the newsletter announces a new draft BIP proposal by Fabian Jahr aimed at improving the `assumeUTXO` feature. This proposal seeks to streamline the initial synchronization process for new Bitcoin nodes by enabling them to receive the full UTXO set directly from their peers over the P2P network, enhancing network efficiency and node bootstrapping.