Bitcoin Core Github
💬 Eunovo commented on pull request "Silent Payments: Receiving":
(https://github.com/bitcoin/bitcoin/pull/32966#discussion_r2217694846)
I broke this into 3 commits.
💬 Eunovo commented on pull request "Silent Payments: Receiving":
(https://github.com/bitcoin/bitcoin/pull/32966#discussion_r2217695331)
I ended up leaving the reference and used it in 2 other locations. The code looks slightly cleaner this way.
💬 Eunovo commented on pull request "Silent Payments: Receiving":
(https://github.com/bitcoin/bitcoin/pull/32966#issuecomment-3094352453)
Added @achow101 as co-author on commits with code/ideas taken from https://github.com/bitcoin/bitcoin/pull/28453
💬 hebasto commented on pull request "p2p: improve TxOrphanage denial of service bounds":
(https://github.com/bitcoin/bitcoin/pull/31829#discussion_r2217735632)
b113877545a1c83b470a380402b4409aa02c8282

On Alpine Linux v3.22, using GCC 14.2.0:
```
[ 74%] Building CXX object src/test/fuzz/CMakeFiles/fuzz.dir/txorphan.cpp.o
In file included from /bitcoin/src/script/script.h:10,
from /bitcoin/src/primitives/transaction.h:11,
from /bitcoin/src/consensus/validation.h:11,
from /bitcoin/src/test/fuzz/txorphan.cpp:6:
/bitcoin/src/crypto/common.h: In function 'void txorphanage_sim_fuzz_target(FuzzBuffer
```
...
🤔 OrangeDoro reviewed a pull request: "test: revive test verifying that `GetCoinsCacheSizeState` switches from OK→LARGE→CRITICAL"
(https://github.com/bitcoin/bitcoin/pull/33021#pullrequestreview-3035969517)
Hi! I'm a grad student working on a research project about using large language models to automate code review. Based on your commit 966bbabbd69039a2c7a03429c783f7d6e6a7c2a7 and the changes in src/test/validation_flush_tests.cpp, my tool generated this comment:
1. **Dynamic Memory Usage Check**: Ensure that the expected behavior of `DynamicMemoryUsage()` aligns with the assumptions made in this test.
2. **Dynamic Memory Usage Checks**: The checks for `view.DynamicMemoryUsage()` are essential t
...
🤔 OrangeDoro reviewed a pull request: "test: Do not pass tests on unhandled exceptions"
(https://github.com/bitcoin/bitcoin/pull/33001#pullrequestreview-3035969810)
Hi! I'm a grad student working on a research project about using large language models to automate code review. Based on your commit faa3e684118bffa7a98cf76eeeb59243219df900 and the changes in test/functional/test_framework/test_framework.py, my tool generated this comment:
1. Ensure that `e.stdout` and `e.stderr` are checked for existence before logging to prevent potential `AttributeError`. Consider using `getattr(e, 'stdout', 'N/A')` and `getattr(e, 'stderr', 'N/A')`.
2. Change `except Base
...
⚠️ starixapp opened an issue: "[SECURITY] Urgent Disclosure Coordination Request – High-Risk CI/CD Vulnerability"
(https://github.com/bitcoin/bitcoin/issues/33022)
Hello Bitcoin Core Maintainers,

I’ve discovered a high-impact, multi-stage vulnerability chain that affects the CI/CD pipeline and trust chain of Bitcoin Core. The potential financial and systemic risk, if exploited, is critical and affects build integrity, wallet safety, and release trust.

I have already sent a private disclosure request to `security@bitcoincore.org` but have not yet received acknowledgment.

Due to the severity of the issue, I am requesting urgent coordination via a secure c
...
💬 kanzure commented on issue "[SECURITY] Urgent Disclosure Coordination Request – High-Risk CI/CD Vulnerability":
(https://github.com/bitcoin/bitcoin/issues/33022#issuecomment-3094520900)
Stop spamming all the different channels. Message received. No details are provided, and therefore I cannot act upon it. Stop.
💬 starixapp commented on issue "[SECURITY] Urgent Disclosure Coordination Request – High-Risk CI/CD Vulnerability":
(https://github.com/bitcoin/bitcoin/issues/33022#issuecomment-3094524335)
It’s disappointing to see that a critical vulnerability disclosure, made with clear ethical intent and no technical details exposed, is being dismissed as “spam”.

You’ve just publicly mocked a security researcher for *not leaking sensitive data*, while ignoring the fact that your security email hasn’t responded in days.

That’s not just unprofessional — it’s reckless.

I followed responsible disclosure standards to the letter:
- No PoC shared publicly
- No exploit details revealed
- Requested o
...
💬 starixapp commented on issue "[SECURITY] Urgent Disclosure Coordination Request – High-Risk CI/CD Vulnerability":
(https://github.com/bitcoin/bitcoin/issues/33022#issuecomment-3094525768)
Bryan,

Respectfully, your tone suggests authority, but to be clear: you are not listed as a security contact nor do you appear to represent Bitcoin Core’s responsible disclosure process.

If you are not in charge of CI/CD infrastructure or part of the official security response team, dismissing a potential systemic vulnerability as “spam” is not only inappropriate — it’s dangerous.

If you’d like to discuss memes or mailing lists, that's fine. But if you're not the person handling billion-dolla
...
💬 kanzure commented on issue "[SECURITY] Urgent Disclosure Coordination Request – High-Risk CI/CD Vulnerability":
(https://github.com/bitcoin/bitcoin/issues/33022#issuecomment-3094531100)
Your message is literally spam. It was sent four times to the mailing list in minutes, with slight variations testing filters I assume. It carries no pertinent information, and no patch to fix any security issues. Yes, I speak with authority because I know that anyone is able to contribute patches to GitHub. Also, if I am to believe you are truthful, then I'm also to believe you are truthful when you say that you sent to the security mailing list as well. So why would I not believe that? I'm spe
...
💬 kanzure commented on issue "[SECURITY] Urgent Disclosure Coordination Request – High-Risk CI/CD Vulnerability":
(https://github.com/bitcoin/bitcoin/issues/33022#issuecomment-3094546396)
I suppose the other possibility is that you do not want to use the PGP keys from the website or repository? But you specifically say you are looking for PGP keys.
💬 starixapp commented on issue "[SECURITY] Urgent Disclosure Coordination Request – High-Risk CI/CD Vulnerability":
(https://github.com/bitcoin/bitcoin/issues/33022#issuecomment-3094551778)
At this point, it’s clear you're more interested in gatekeeping than in actual security.

You’re attacking a disclosure you haven’t seen, dismissing a threat you haven’t reviewed, and injecting yourself into a process you’re not responsible for — all while preaching about protocol you clearly don't understand.

Let me be clear:
- I used the correct PGP keys.
- I used the official security contact.
- I requested private coordination to avoid exactly this kind of circus.

And what did I get?

A se
...
💬 starixapp commented on issue "[SECURITY] Urgent Disclosure Coordination Request – High-Risk CI/CD Vulnerability":
(https://github.com/bitcoin/bitcoin/issues/33022#issuecomment-3094554516)
Bryan,

Let’s correct the record — again:

I sent the message twice. Not four times. Not a filter test. Just a researcher trying to do the right thing through responsible disclosure.
The rest of your assumptions are as inaccurate as they are unnecessary.

If you’re seeing every attempt to coordinate securely as spam, and every ethical move as suspicious, then perhaps you’re part of the problem — not the solution.

You’ve misrepresented facts. You’ve mocked someone avoiding public leaks. And no
...
💬 kanzure commented on issue "[SECURITY] Urgent Disclosure Coordination Request – High-Risk CI/CD Vulnerability":
(https://github.com/bitcoin/bitcoin/issues/33022#issuecomment-3094559271)
If you now say you used the PGP keys, then why did you originally say you didn't find the PGP keys when you wrote your earlier messages? This is confusing and inconsistent.

None of your emails or messages have included your own PGP fingerprint or PGP key.

Using an LLM to write your messages is not helping your case. It is not itself dispositive, but the spam, multiple messages sent back to back with odd inconsistent edits, lack of detailed information such as PoC or patch, and inconsistent story i
...
💬 starixapp commented on issue "[SECURITY] Urgent Disclosure Coordination Request – High-Risk CI/CD Vulnerability":
(https://github.com/bitcoin/bitcoin/issues/33022#issuecomment-3094561171)
Bryan,

You’re not reading — just reacting.

Let me walk you through what you’ve missed in your rush to sound authoritative:

1. I *did* find and use the official PGP keys to send the report.
2. I received *no response* — not even an automated acknowledgment — from `security@bitcoincore.org`.
3. There was no request for my PGP fingerprint or key because no human has replied to coordinate.

You keep pushing the narrative that this is about "believability."
This is not a personal trust issue. It
...
💬 furszy commented on pull request "index: Deduplicate HashKey / HeightKey handling":
(https://github.com/bitcoin/bitcoin/pull/32997#discussion_r2217880735)
The base index class is responsible for detecting reorgs and calling the appropriate methods from the child class: `CustomRemove()` up to the forking point, then `CustomAppend()` to connect the new chain blocks. This happens during both initial sync and the validation event. I'm pretty confident we can safely remove the extra check.

Furthermore, since the index child class receives block connection and disconnection events in order, I don't see why it should care about reorgs at all (speaking
...
📝 bigshiny90 opened a pull request: "test: Add functional tests for blockreconstructionextratxn parameter"
(https://github.com/bitcoin/bitcoin/pull/33023)
This adds tests for the -blockreconstructionextratxn parameter which controls the extra transaction pool used for compact block reconstruction.

Uses RBF transaction pairs to populate the pool since that's a straightforward way to get transactions into the extra pool: send an original, then replace it with a higher fee, and the original ends up in the extra pool.
👍 l0rinc approved a pull request: "p2p: rename GetAddresses -> GetAddressesUncached"
(https://github.com/bitcoin/bitcoin/pull/32994#pullrequestreview-3036097434)
Concept ACK, please consider splitting different change types into separate commits and adding extra qualifications to the methods that do the extra work.
💬 l0rinc commented on pull request "p2p: rename GetAddresses -> GetAddressesUncached":
(https://github.com/bitcoin/bitcoin/pull/32994#discussion_r2217887924)
Even though the PR is quite simple, I'd separate the comment-changing commits from the refactoring commits. I guess it may not make a lot of sense doing the rename with a scripted diff since it might confuse the two similarly named methods.