[bitcoin-dev] Fwd: [bitcoin-core-dev] On the initial notice of CVE-2018-17144

Gregory Maxwell greg at xiph.org
Sat Sep 22 20:49:04 UTC 2018


On Sat, Sep 22, 2018 at 7:22 PM sickpig at gmail.com <sickpig at gmail.com> wrote:
> > For some reason I don't understand, Andrea Suisani is stating on
> > twitter that the report by awemany was a report of an inflation
> > bug, contrary to the timeline we published.
>
> guess that the fact you don't understand it, it's probably related to the fact
> that you didn't read properly the tweet you are referring to, for reference this
> is the tweet URL https://twitter.com/sickpig/status/1043530088636194816
>
> This is the text of such a tweet

OKAY.  The only tweet I was shown was this one:

https://twitter.com/sickpig/status/1043428373530390528

It doesn't make any mention of him not reporting it and I encountered
it in the context of another person citing it to claim it had been
reported.

> Furthermore as you should be aware, having been copied on the report,
> awemany specifically said that "[the assert(is_spent)] *seems* to prevent
> the worse outcome of monetary inflation"

Yes, in fact I referred to that specifically in my message as well
as including his entire message in my post.

> I guess that in the hurry of informing you and other people involved of the DoS
> vector he identified and proved, he decided to give priority to informing Core
> about that rather than waiting and continue exploring the idea he had about
> exploiting the code to create coins out of thin air.

I'm unclear what you're now stating. Are you stating that awemany knew
that it could cause inflation but indicated otherwise to us or are you
stating that he did not know and in the abundance of caution he sent the
report as fast as possible before making that determination?

I'm just asking because I'm confused by your response; I don't think
it's particularly important one way or another.

