This is a security vulnerability.
Currently, a new header descendant from an invalid block is still accepted.
A possible solution is to get the ancestor of the block, check the validity of the block indexes, and return error is failed, in the AcceptBlockHeader() function of src/main.cpp after line 3714.
Similar fix from Bitcoin: bitcoin/bitcoin@015a525.
Reported by 6004ed5feaa31ae9df36b5dbc60f0fa53255a5fb734334082c6d202405fc738c.
This is a security vulnerability.
Currently, a new header descendant from an invalid block is still accepted.
A possible solution is to get the ancestor of the block, check the validity of the block indexes, and return error is failed, in the
AcceptBlockHeader()function ofsrc/main.cppafter line 3714.Similar fix from Bitcoin: bitcoin/bitcoin@015a525.
Reported by
6004ed5feaa31ae9df36b5dbc60f0fa53255a5fb734334082c6d202405fc738c.