Developers fix scary bug in Bitcoin Core eliminating DoS vulnerability
The co-owner of Bitcoin.org who goes by the name Cobra on Twitter tweeted on September 18 that a hazardous bug was found and fixed on Bitcoin Core. The bug could have harmed a large portion of the Bitcoin network.
In his words, “A very scary bug in Bitcoin Core has just been fixed which could have crashed a huge chunk of the Bitcoin network if exploited by any rogue miners.” Bitcoin Core 0.16.3 – the updated version – was released on the same day. It is said to be free from all the exploitable bug found on 0.14.0 and 0.16.2 versions. Moreover, the bug is known to cause a vulnerability known as CVE-2018-17144 [Common Vulnerabilities and Exposures], that is, a DoS [denial-of-service] attack.
As far as the source of the bug is concerned, it remains undeclared for now. According to core developer Andrew Chow the vulnerability was brought to light “by a third party.” In the previous versions of Bitcoin Core 0.16.3, the issue that bothered was related to transactions trying to execute the same input twice. The operation could have crashed if a user would have tried to validate the parent block of such transactions, GitHub mentioned.
Mentioning the seriousness patched vulnerability, Bitcoin Unlimited Chief Scientist Peter Rizun wrote, “Wow, isn’t this one of the most serious consensus bugs ever? It affects all BTC Core nodes and the only thing preventing unbound inflation is the fact that the nodes crash, taking down the entire BTC Core network instead”. He even argued for “multiple implementations” to Maxwell writing, “Maybe multiple implementations isn’t such a bad idea after all, /u/nullc? [Maxwell’s Reddit account] I think only ABC is affected for BCH.”
However, Bitcoin ABC’s Amaury Sechet disagreed with it but still mentioned it to as “pretty bad”. Sechet said, “No it wouldn’t crash the whole network, because crashing node do not propagate locks very well. Still pretty bad.” While, a bitcoin miner Jonathan Toomin called it as one of the “top three or four” bugs in the history of Bitcoin,“Maybe top three or four. The overflow bug was clearly more serious than this, and I think the BDB/LevelDB lock fork from 0.7 to 0.8 was probably more serious too. Crashing on errors is generally safer than giving incorrect results on errors.”
Image via Shutterstock
Join our Telegram group