story time. the recently disclosed nutshell cashu mint vulnerability is as ironic as it gets. it’s very similar to an inscription which is hilarious. as per the cashu spec, a HTLC must have a preimage witness size of 32 bytes.
unfortunately, the mint never checked the size before validating and storing it in its db. we simply overlooked it. since users never paid a fee that depends on the witness size (because we assumed it would be constant), this allowed the attacker to store jpgs of dickbutts in a mints database. for free!
fortunately there’s no messy consensus in cashu. every mint operator dictates their own rules. the fix is simple: now we reject all tokens with a witness that’s too large. those maliciously crafted tokens (of which we haven’t seen any in the wild) can’t be spent anymore.
i must admit, given my recent active engagement in the filter debate, this is probably the funniest exploit possible. i own this one and i’m giggling as i type this. it’s pure comedy.
however, this doesn’t mean the disclosure has gone well. the attacker has proven to be malicious and refused to coordinate with us. instead, he’s putting active mints at risk. this is not how responsible disclosure works. very unprofessional. if you run a mint or know someone who does, update to the latest version (0.18.1) where this issue is fixed. funds were never in danger.
it’s certainly worth a laugh. grill me. this one is simply too good. 😊
thanks to the entire cashu team for their amazing work and their swift reaction. you’ve handled it like pros.
