Regarding the first disclosure, I remember reviewing the rate limiting pull request, but didn't know about the 32-bit nIdCount field.

The PR didn't touch that variable, but just indirectly caused it to increase less. An alternative fix would have been much easier: just make it a 64-bit number. But that would have been obvious to anyone looking. Since the rate limiting was useful on its own, it makes sense to me that this indirect fix was used.

https://brink.dev/podcast/5-bitcoin-core-21-disclosures/


Discussion

Interesting. Does it require a 64-bit variable in the future?

I haven't checked if this has been changed in the meantime. At first glance it seems like good defense in depth, now that this cat is out of the bag. But with the rate limiting in place it takes a long time to get to 4 billion.