Hello, CEO of Trail of Bits here -- we performed the security review of the Bitcoin Cash / Bitcoin SV code. Your characterization of the issues as "bandwidth denial of service" is incorrect and does not properly describe the impact.
The most significant findings in our report detail ways for messages to waste a victim’s CPU and network resources without triggering any of the denial-of-service mitigations that normally detect and ban misbehaving peers. We also discovered a variety of edge cases that enable similar denial of service potential where exploitation was not straightforward. These included specific code security issues. (I'm being intentionally vague, sorry)
The plan is to fully disclose our entire report at some point in the future, when the remainder of the Bitcoin clients have more fully implemented our recommendations.
The most significant findings in our report detail ways for messages to waste a victim’s CPU and network resources without triggering any of the denial-of-service mitigations that normally detect and ban misbehaving peers. We also discovered a variety of edge cases that enable similar denial of service potential where exploitation was not straightforward. These included specific code security issues. (I'm being intentionally vague, sorry)
The plan is to fully disclose our entire report at some point in the future, when the remainder of the Bitcoin clients have more fully implemented our recommendations.