schmidty

#bitcoin blocking and tackling at @bitcoinoptech. cypherpunks write checks at @bitcoinbrink. Party planner @bitcoincoreorg.
As part of Brink's mission to ensure the safety and robustness of the open-source Bitcoin Core software, we recently sponsored an independent security audit of the Bitcoin Core codebase. This represents the first public, third-party audit of Bitcoin Core.

The assessment was conducted by Quarkslab and was coordinated with the help of the Open Source Technology Improvement Fund (OSTIF). Funding was provided by Brink with the support of our donors, with technical collaboration from Brink engineer, Niklas Gögge, and Chaincode Labs engineer, Antoine Poinsot.

Why Brink funded this work

The project has a strong security track record, but it has never undergone an external security assessment. We wanted to provide an additional layer of assurance for developers, node operators, holders, and businesses who rely on Bitcoin Core every day.

What the audit involved

The focus was on the most security-critical components of the software, including the peer-to-peer networking layer, mempool, chain management, and consensus logic and included:

- Manual code review
- Static and dynamic analysis
- Advanced fuzz testing

What the auditors found

The auditors at Quarkslab reported no critical, high, or medium-severity issues. They identified two low-severity findings and thirteen informational recommendations, none of which were classified as security vulnerabilities under Bitcoin Core’s criteria.

Funding independent reviews like this is just one way we help ensure Bitcoin doesn’t break and continues to serve the world as a secure, reliable monetary network. Independent review only strengthens that confidence.

Thank you to Quarkslab, the OSTIF, Niklas, and Antoine for their work on this project.

The full report is publicly available here: 📄.pdf

Meanwhile… The decade-long engineering efforts toward libsecp256k1, a minimal from-scratch Bitcoin-specific library, result in an 800% speed up over OpenSSL while also:

- removing a problematic dependency
- avoiding side channel attacks
- being fully deterministic

Sebastian Falbesoner via

“Where is the public roadmap for Bitcoin Core?”

This sentiment from Zach is common and I'll give my own thoughts on it.

The subprojects that individual Bitcoin Core engineers contribute to reflect the project’s *software development priorities*, which can include things like testing improvements, refactors, features, maintenance, or performance improvements.

These software engineering efforts are distinct from the Bitcoin *protocol*, whose consensus rules change only through broad community agreement and network adoption, not by decisions made exclusively within the Bitcoin Core repository.

If I were looking to derive a shorter term “public roadmap for Bitcoin Core” (again, the Bitcoin Core software, not Bitcoin protocol), there are a few places to look.

**Working Groups**

Contributors actively working on similar efforts form working groups to implement and review projects in Bitcoin Core. A list of the current working groups is on the Bitcoin Core Wiki:

From here we can see interest in: Erlay, Fuzzing, Kernel, Benchmarking, Silent Payments, Cluster Mempool, Stratum v2, Multiprocess, QML GUI, and Net Split.

These working groups also provide updates at the weekly Bitcoin Core developer meetings on IRC:

This is another place to see current work.

**Tracking issues**

Many subprojects within Bitcoin Core have a place to track a todo list of code changes that roll up into that project. Here are just a few examples (search the GitHub for “tracking issue” for more):

- Multiprocess
- Mining interface
- MuSig2
- Cluster mempool
- Erlay
- Bitcoin Kernel Library
- SENDTEMPLATE

**Core Dev meetups**

What developers discuss at recent in-person meetings is another data point. Here are transcripts from the:

- October 2025 meeting
- February 2025 meeting

**Merged PRs**

As code changes are merged into the Bitcoin Core GitHub before the next release, you can see precisely what will be in the upcoming release.

These code changes include PRs related to projects above, but also more general changes unrelated to a particular project, like maintenance work, additional testing, one-off features, etc.

Likewise, Optech has a weekly notable code segment that picks interesting code merges to cover:

**Release Milestones**

As Bitcoin Core progresses toward a new release, PRs can be tagged with a milestone representing that release. For example, here are the items tagged for the previous v30 release:

And here are considerations for the v31 release:

**TLDR, just tell me what will be in v31**

Sorry, there isn’t a definitive authoritative answer for a decentralized open source project like this. But also in the spirit of decentralization, I can provide my own guesses of what might be in there.

- Kernel API - modular use of Bitcoin’s consensus and validation logic outside the full node
- MuSig2 (in wallet) - fee-efficient, privacy-preserving multi-signature support
- Cluster mempool - makes transaction relay and block assembly more efficient and predictable, improving network reliability
- ASMap - helps diversify peer connections, strengthening network resilience against eclipse attacks
- Static builds - reproducible, portable binaries that enhance security, verifiability, and ease of deployment

I’ll emphasize that while these projects took a ton of work to get where they are, there will also be a majority of PRs in v31 that will not be part of a “project”. They will simply be general improvements, bug fixes, and maintenance work (see for examples)

Last week many Bitcoin Core developers met up in Frankfurt, Germany as part of their regular twice-yearly in-person meetings.

Attendees volunteered to take notes on the unconference-style sessions and I have a pull request to add the notes to the BTC transcripts website:

- ASMap
- Batch Validation
- Secp256k1 and quantum
- CISA
- Cluster mempool
- CMake
- CoreCheck
- Debugging
- Fuzzamoto
- Libsha
- Multiprocess and Mining Interface
- Fingerprinting
- Net / net_processing split
- Package relay
- Private broadcast
- Security audit
- Subject matter experts and working groups
- Sockets abstraction

Additional informal discussions, code reviews, working groups, or other sessions occurred on:

- BIP 3
- Wallet priorities
- Compact Block prefills
- Silent Payments
- btck
- CI
- SwiftSync
- Benchmarking and IBD
- When do Bitcoin Core users upgrade?
- MuSig2
- Kernel
- Working in-person
- Complications with fuzz testing
- BlockTemplateManager
- QML GUI
- Shared Templates BIP
- Headers-first sync
- Batch Validation
- FIBRE
- Consensus Cleanup
- Silent payments libsecp256k1 light client
- Better communicating with the broad community
- Discussion on block 920138 and Bitcoin Core #33687
- Mempool and relay policy
- CI with CTest and CDash

This meeting was sponsored by BTrust who provided the funding for the venue, food, supplies, etc. to facilitate the meeting (thank you!). JD (from localhost research), Emily (from Brink) and myself organized.

A list of previous meetings is here:

The PR to the website is open here, pending approval:

Fuzz testing and Bitcoin Core...

We received a pretty overwhelming response to our recent job post for a Bitcoin Core Fuzzing Internship at Brink. Brink received over 70 applications for the role with many qualified candidates. After the results of a coding challenge, we decided to actually move forward with two engineers for the 3-month role.

Dongjia Zhang is a Ph.D. fuzzing researcher and maintainer of the LibAFL fuzzing library used to fuzz test Bitcoin Core. Stratos has a background in vulnerability research and will join Dongjia in working with Niklas (@dergoegge) in the coming months to enhance the fuzz testing capabilities in Bitcoin Core.

Fuzz testing is the idea of throwing a bunch of quasi-random inputs at various functions of a codebase and seeing if anything abnormal happens. Think of it like mining for bugs. There is work in both the Bitcoin Core codebase as well as fuzz tooling (like fuzzamoto) in order to test more and more of Bitcoin Core in this way.

Here is a bit more about fuzz testing in Bitcoin Core:

Here is a conversation we had with Matt Morehouse on fuzz testing the Lightning Network:

Marco (@macrohead7) recently completed his year-long onsite fuzzing fellowship at Brink and provided some thoughts as well:

Brink is proud to support the build out of further fuzzing capabilities in the Bitcoin Core codebase as well as other ecosystem software. We have not had intern roles before either and are excited to see how it works out.

Welcome Dongjia and Stratos!