
Darosior

#31070 of 53,635
8.3 Total CVSS
Vulnerabilities · 1
PT-2024-27962
8.3
2024-10-10
Btcd · Btcd · CVE-2024-38365
**Name of the Vulnerable Software and Affected Versions**

btcd versions 0.10 through 0.24 (fixed in v0.24.2).

**Description**

btcd reimplements Bitcoin Core's `FindAndDelete()` logic incorrectly. This logic is consensus-critical: before a legacy signature is checked, occurrences of that signature are removed from the script being executed (the scriptCode), and the result is what the signature hash commits to. Bitcoin Core's `FindAndDelete` removes only pushes that exactly match the serialized signature push, whereas btcd's `removeOpcodeByData` removed any data push whose contents merely contain the signature bytes. A script that carries a push containing the signature as a substring, without being an exact push of it, is therefore hashed differently by the two implementations, so btcd can accept a transaction (and hence a block) that Bitcoin Core rejects, or vice versa. The consequence is a chain split or a Denial of Service (DoS) against btcd nodes. An attacker triggers the divergence with a standard Bitcoin transaction relayed over the P2P network, so no hash power is required and the attack works remotely.

**Recommendations**

Upgrade to btcd v0.24.2 or later. The divergence lives in btcd's consensus-critical script validation and is triggered by transactions an attacker crafts and relays, so there is no practical operator-side workaround: a node cannot "restrict" an internal `txscript` function, and the node operator does not choose which transactions it is asked to validate. Until the upgrade is applied, treat unpatched btcd nodes as exposed to both the chain-split and the DoS outcome.