Disclosure of the details of a log-filling bug which allowed an attacker to cause a victim node to fill up its disk space by repeatedly sending invalid blocks. Exploitability of this bug is limited, as it would take a long time before it would cause the victim to run out of disk space. A fix was released on October 10th 2025 in Bitcoin Core v30.0.

This issue is considered Low severity.

Details

A node would unconditionally log when receiving a block that fails basic sanity checks, or when receiving a block that branches off prior to the last checkpoint. By repeatedly sending such an invalid block to a victim node, an attacker could cause the victim to run out of disk space.

This issue was fixed by implementing log rate-limiting across the board, also preventing future issues of the same type from happening.
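The sketch below is an added example, not Bitcoin Core's code: it shows one way a per-call-site byte budget turns the unbounded log growth described above into a bounded one. The class name, the 1000-byte budget, the one-hour window, the sample log line and the call site are all assumptions chosen for illustration.

```cpp
#include <chrono>
#include <cstdint>
#include <map>
#include <string>
#include <utility>

// Added sketch, not Bitcoin Core code: names, budget and window are assumptions.
using Clock = std::chrono::steady_clock;
using Site = std::pair<std::string, int>;  // (source file, line) of a log statement

class LogRateLimiter {
    struct State { Clock::time_point start; uint64_t used{0}; uint64_t dropped{0}; };
    std::map<Site, State> m_sites;
    uint64_t m_budget;               // bytes each call site may log per window
    std::chrono::seconds m_window;
public:
    LogRateLimiter(uint64_t budget_bytes, std::chrono::seconds window)
        : m_budget(budget_bytes), m_window(window) {}

    // True if this call site may still write msg in its current window.
    bool Allow(const Site& site, const std::string& msg, Clock::time_point now) {
        State& s = m_sites.try_emplace(site, State{now}).first->second;
        if (now - s.start >= m_window) { s.start = now; s.used = 0; }  // fresh budget
        if (s.used + msg.size() > m_budget) { ++s.dropped; return false; }
        s.used += msg.size();
        return true;
    }
    // Cumulative count of messages suppressed for this call site.
    uint64_t Dropped(const Site& site) const {
        auto it = m_sites.find(site);
        return it == m_sites.end() ? 0 : it->second.dropped;
    }
};

// Constructed log line and call site (placeholders, not real Bitcoin Core values).
const std::string kSampleLine = "ERROR: invalid block received from peer\n";
const Site kSampleSite{"example.cpp", 42};

// A peer resends the same invalid block once per second for `n` seconds; each
// rejection reaches the same log statement. Returns the bytes written to the log.
// limiter == nullptr models the unconditional logging described above.
uint64_t FloodBytesLogged(int64_t n, LogRateLimiter* limiter) {
    uint64_t written = 0;
    for (int64_t i = 0; i < n; ++i) {
        const Clock::time_point now = Clock::time_point{} + std::chrono::seconds(i);
        if (!limiter || limiter->Allow(kSampleSite, kSampleLine, now)) written += kSampleLine.size();
    }
    return written;
}
```

Because the budget is keyed by call site, a flood through one log statement does not suppress unrelated log lines, and the dropped counter gives operators a signal that suppression occurred.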

Attribution

Niklas Goegge discovered this bug and disclosed it responsibly. Eugene Siegel independently re-discovered this bug and disclosed it responsibly.

Eugene Siegel and Niklas Goegge worked on a fix mitigating all types of log-filling attacks.

Credits also to contributor “practicalswift” who previously raised concerns about disk-filling vectors in Bitcoin Core and worked to address them.

Timeline

  • 2022-05-16 - Niklas Goegge reports this issue to the Bitcoin Core security mailing list
  • 2025-03-13 - Eugene Siegel reports this issue to the Bitcoin Core security mailing list
  • 2025-04-24 - Eugene Siegel reports to the security mailing list about his research on the worst-case disk-filling rate
  • 2025-05-23 - Eugene Siegel opens PR #32604 to introduce log rate-limiting, based on earlier work from Niklas Goegge
  • 2025-07-09 - PR #32604 is merged into master
  • 2025-09-04 - Version 29.1 is released with the fix
  • 2025-10-10 - Version 30.0 is released with the fix
  • 2025-10-24 - Public Disclosure