@1440000bytes has been teasing a vulnerability he discovered in Cashu.
Well, here it is: there is a DoS attack on mints where a user can fill a mint's database with data.
19 October 2025: I reported the vulnerability to cashu-dev@pm.me
19 October 2025: Cashu dev team acknowledged it as a serious issue and opencash rewarded with 100k sats
21 October 2025: It was fixed in refactor: HTLC spending conditions (#803) · cashubtc/nutshell@f84028c · GitHub
28 October 2025: v0.18.0 was released with the fix
29-31 October 2025: I reached out to several mints and requested to update nutshell
2 November 2025: Public Disclosure
221 sats \ 4 replies \ @ek 10h
Cashu dev team acknowledged it as a serious issue and opencash rewarded with 100k sats
so serious it was worth 100k sats
reply
The bounty is based on their limited budget and not the severity of the vulnerability.
reply
0 sats \ 0 replies \ @ek 8h
Makes sense, thanks for replying
reply
33 sats \ 0 replies \ @DarthCoin 8h
😂😂😂😂😂😂😂
reply
My thought exactly
reply
Here's floppy's more detailed write up of the vulnerability.
reply
What a passionate mankind. Never rug the system you're gonna use. Fix it and make this world better.
Even Satoshi wrote about it: If a greedy attacker is able to assemble more CPU power than all the honest nodes, he would have to choose between using it to defraud people by stealing back his payments, or using it to generate new coins. He ought to find it more profitable to play by the rules, such rules that favour him with more new coins than everyone else combined, than to undermine the system and the validity of his own wealth.
reply