The Frontier

Fabian proposed a draft BIP for sharing Bitcoin's UTXO set over the P2P network to improve AssumeUTXO adoption by eliminating reliance on centralized websites or torrents for snapshot distribution.

AssumeUTXO, which allows nodes to start from a pre-validated UTXO snapshot, had slow adoption despite being usable on mainnet. Fabian argues its main value is for prepackaged nodes like Umbrel, Start9, or Speedbiz on hardware-limited devices.

Fabian faced pushback that focused on AssumeUTXO's trust model and whether it's necessary, countering that global users often lack high-bandwidth connections or 32GB RAM, making IBD impractical for applications like retail point-of-sale nodes.

The proposal currently uses a service bit for node discovery but may shift to BIP 434's peer feature negotiation. Fabian plans to specify serving recent snapshots, like a UTXO set from 1,000 blocks ago, as a future BIP extension.

A high-severity vulnerability, CVE-2024-52911, was disclosed in Bitcoin Core. It was a use-after-free bug in the script interpreter's parallel validation that could crash a node processing a specially crafted, invalid block with valid proof-of-work.

Bitcoin Core's disclosure policy released this bug two weeks after version 28.x reached end-of-life with the release of v31.0. The policy distinguishes four severity levels, with critical vulnerabilities handled ad-hoc and high/medium bugs disclosed after the last affected version is unsupported.

Core Lightning 26.06 RC1 introduces experimental Bolt 12 payer proof support, allowing a payer to cryptographically prove they authorized a specific payment for disputes or audits while preserving privacy by omitting select invoice fields.

Core Lightning is deprecating legacy payment RPCs like 'pay' in favor of the newer 'xpay' family, which is multipath-native and uses rene-pay routing. The deprecation starts in v26.06, with removal scheduled for v27.03.

BIP 323 proposes using 24 bits of the block version field as extra nonce space, combined with the existing 32-bit nonce to provide 56 bits of entropy. This eliminates the need for miners to 'time roll' block timestamps once hashrate exhausts the nonce field.

BIP 322, a generic signed message format for any script type, was updated and moved to 'complete' status. It adds a human-readable prefix, PSBT support for collaborative signing, and a proof-of-funds construction, breaking from the 2018 draft.

LDK fixed a bug where its sweep scheduler could get stuck, preventing all subsequent sweeps of HTLC or closing outputs until node restart, which risked fund loss if time-limited outputs expired.

LDK now enforces that Bolt 12 payment metadata must match the invoice, preventing senders from altering it. An opt-out exists for compatibility with older senders.

LDK added graph-based pathfinding for originating onion messages, enabling features like Bolt 12 offers without needing an external route source. It searches for nodes advertising support and constructs a route based on reachability, not fees.

Bitcoin Inquisition #100 implements BIP 446 (op_template_hash) on Signet, and Banana #20 assigns deployment for BIP 443 (OP_CTV). This follows renewed developer interest in covenant constructions like op_template_hash and drivechain bindable transactions.