Rootstock’s observations of the Rab13s vulnerabilities disclosure
On 2023-03-13 at 09:51 ART, Halborn Security reported some vulnerabilities that affect several Bitcoin fork client projects.
- The Rootstock Client Node is not a Bitcoin Fork and therefore is not impacted by this vulnerability
- All Bitcoin nodes used by critical network services have been patched and are also not affected by this vulnerability
- We advise all teams building on top of Rootstock, that rely on the usage of Bitcoin Core nodes, to verify that they are not affected by these vulnerabilities. If you require assistance, please contact the security team at IOVlabs at email@example.com.
Recently, Halborn Security reported some vulnerabilities that affect several Bitcoin fork client projects. As Rootstock is a smart contract platform that operates as a sidechain to the Bitcoin blockchain, we were informed of this vulnerability in advance of its release. Our security teams immediately investigated the scope of the vulnerability and found Rootstock is not impacted. This is because the Rootstock client node is not a Bitcoin fork.
What is the impact of this vulnerability?
The exploits, known as Rab13s, can allow an attacker to perform a denial-of-service attack by causing a network node to disconnect from the rest of the network. As mentioned previously, these vulnerabilities are not affecting the Rootstock network.
Some projects and software components used as part of the Rootstock network infrastructure may rely on the usage of Bitcoin Core nodes. We have ensured that all Bitcoin nodes used by critical network services are updated to the latest patched Bitcoin versions that are not affected by these vulnerabilities.
As an additional preventive measure, we have notified all Bitcoin mining pools doing merged mining on Rootstock to verify that they are running non-vulnerable Bitcoin Core nodes and to upgrade if necessary.
|In summary, the Rootstock network is not affected by the Rab13s exploits.
We encourage all teams building on top of Rootstock to verify that they are not affected by these vulnerabilities and to contact the security teams at IOVlabs at firstname.lastname@example.org if they require assistance.
Finally, we would like to express our appreciation to Halborn for their valuable work and contributions to keeping the entire blockchain industry safe.