Jameson Lopp (npub17u5…t4tp) Peter Todd (npub1ej4…ndrm) Luke Dashjr (npub1lh2…a9nk) lukedewolf (npub1fk8…cwld)
honest question about core security:
why are we comfortable with arbitrary blobs in taproot witnesses going through a C++ parser on every validating node?
a crafted tapscript, a single parser bug, shellcode sitting in the same witness, and every node running bitcoind is a target.
as somebody said in 2010 "an accident waiting to happen" 🤔
https://claude.ai/public/artifacts/bd679297-ce62-475f-b658-7abf4f7e107c
pepeoh333 / Pepe López
npub1h4…0phjj
2026-02-28 10:30:05 UTC
Author Public Key
npub1h4qzcxeqtcwve6t22rulvw7kxdlt3emcwdg9qwrlq9glhdk4zsas20phjjPublished at
2026-02-28 10:30:05 UTCEvent JSON
{
"id": "42ad7b777e96eb25027d65940bdd081cc48d97e8a83c0074780f204c4dfb14c5",
"pubkey": "bd402c1b205e1ccce96a50f9f63bd6337eb8e778735050387f0151fbb6d5143b",
"created_at": 1772274605,
"kind": 1,
"tags": [
[
"p",
"f728d9e6e7048358e70930f5ca64b097770d989ccd86854fe618eda9c8a38106"
],
[
"p",
"ccaa58e37c99c85bc5e754028a718bd46485e5d3cb3345691ecab83c755d48cc"
],
[
"p",
"fdd5e8f6ae0db817be0b71da20498c1806968d8a6459559c249f322fa73464a7"
],
[
"p",
"4d8f7d20e2ba56e3e3c147542934f50a845a9781a7f1103717d9595dbc1edb9d"
],
[
"r",
"https://claude.ai/public/artifacts/bd679297-ce62-475f-b658-7abf4f7e107c"
]
],
"content": "nostr:npub17u5dneh8qjp43ecfxr6u5e9sjamsmxyuekrg2nlxrrk6nj9rsyrqywt4tp nostr:npub1ej493cmun8y9h3082spg5uvt63jgtewneve526g7e2urca2afrxqm3ndrm nostr:npub1lh273a4wpkup00stw8dzqjvvrqrfdrv2v3v4t8pynuezlfe5vjnsnaa9nk nostr:npub1fk8h6g8zhftw8c7pga2zjd84p2z949up5lc3qdchm9v4m0q7mwws7jcwld \nhonest question about core security:\nwhy are we comfortable with arbitrary blobs in taproot witnesses going through a C++ parser on every validating node?\na crafted tapscript, a single parser bug, shellcode sitting in the same witness, and every node running bitcoind is a target.\n\nas somebody said in 2010 \"an accident waiting to happen\" 🤔\n\nhttps://claude.ai/public/artifacts/bd679297-ce62-475f-b658-7abf4f7e107c",
"sig": "95fb03090b599e8c08736e551ca7f16a3ae95bb1a889260c9bbece74b2b26ef49198da363cf9965d5cfeb21a27d018406595298b3ebeb16259156e87142987e1"
}