Backports from Bitcoin

[CharesFang]

We recently investigated the Bitcoin issues which are related to privacy protection, vulnerability patches, or security enhancements. We have also checked the dash source code. Results show that these issues and their PRs are not backported yet. Henceforth, we suggest that dash should backport the PRs listed below for the considerations of software security and integrity.

• Bitcoin PR#17906, avoid uninitialized reads.
• Bitcoin PR#16572, fix a Char variable used as Bool.
• Bitcoin PR#15323, fix race condition in mempool_persist.py.
• Bitcoin PR#15305, fix crash when disconnecting fail.
• Bitcoin PR#15039, avoid leaking nLockTime fingerprint.
• Bitcoin PR#14993, fix data race in InterruptRPC().
• Bitcoin PR#13808, shuffle coins before grouping, for privacy protection.

Some of these issues and PRs are not severe security-related, but backports can avoid the chaos ecosystem of Bitcoin-forked projects and the potential vulnerabilities in the future.

Reported by de957ad9679f28a38f02f00cc7928bce8fb424882ff060a3c09c32895b1474cc.

[PastaPastaPasta]

Tracking for all backports is located in issue #4000

Also, numerous of the backports that you've mentioned have already been backported into dash core, including 17906, 15305, 15039 and 13808.

If you'd like to do any other of these backports, feel free.

[CharesFang]

• The Bitcoin PR#16251 should also be considered to backport for improving signrawtransaction error reporting.

[kwvg]

👋! Thought I'll give you a quick update!

• 16572 has been backported as 6e6b551 in backport: trivial backports Feb 26 2022 #4709
• 14993 has been backported as 3dbc611 in Backports 0.18 pr19 #4642
• 15323 has been backported as 71e38b9 in merge bitcoin #15323 #15637 #16433 #16024 : Backport #4609
• 16251 is being backported as a part of backport: merge bitcoin#20788, #19203, #19415, #21444, #21328, #20457, #20429, #18416, #16251, partial #18638 (auxiliary backports: part 7) #5056

[kwvg]

Resolved with #5056, closed