The ‘unknown person’ who notified the popular Bitcoin Cash developer Bitcoin ABC of the critical ‘Chain-Splitting’ bug has been revealed to be a Bitcoin Core (bitcoin’s primary software implementation) developer.
Cory Fields revealed in a Medium blog post how he anonymously reported the consensus bug, known as SIGHASH_BUG, in April 2018. A so-called ‘chain-splitting’ bug, the vulnerability “would have allowed a specially crafted transaction to split the Bitcoin Cash blockchain into two incompatible chains,” wrote Fields.
Fields explained that “a portion of the transaction signature verification code was rewritten, but the new code omitted a critical check of a specific bit in the signature type. I refer to that bit in the disclosure as SIGHASH_BUG. This omission would have allowed a specially crafted transaction to split the Bitcoin Cash blockchain into two incompatible chains.”
The blockchain was open to being jammed with a block that would have caused complete consensus failure, halting transactions and crippling its utility and price. Cryptocurrency engineer Eric Wall took to Twitter, lambasting the project for having missed such a glaring vulnerability.
If BCH had successfully conquered the name "Bitcoin" and this consensus failure bug had been exploited live, losing people billions $$$, the reputational damage would have been irreparable not just for Bitcoin, but for the entire public trust in crypto.
Please respect the devs! https://t.co/u7ciLsHt0x
— Eric Wall (@ercwl) August 10, 2018
The big threat
Fields warned in the same post that the greatest threat facing Bitcoin is software development. Avoiding catastrophic software bugs is paramount to Bitcoin’s future, according to the developer, who works for MIT Media Lab’s Digital Currency Initiative.
“Working through this bug, which certainly had the potential for catastrophe, has reaffirmed my belief that the threat of software bugs is severely underestimated in the cryptocurrency world,” writes Fields. “[This] is a real-world example of how much work is still required to reach the sophisticated level of engineering that cryptocurrencies require, and as a wake-up call to companies who have not adequately prepared for this type of scenario.”
Fields’ personal safety
Had he used his name for the disclosure, hard proof would have existed that he had the knowledge and means to attack the network, and he would have had no way to prove that he was not the attacker. Moreover, there is also the fact that collectively, billions of dollars could have been lost as a result of this exploit. “People have been killed for much less,” Fields added.
Fields wanted to submit the vulnerability anonymously, since identifying oneself leaves open the possibility of being accused of any exploits that might be perpetrated by a malicious actor. “There were no keys listed for any of the lead developers on the public PGP key servers where they would usually be found, and there were none present in their code repository either. At that point, I had no option other than to request keys anonymously through different online channels, using Tor to mask my identity as much as possible,” he wrote.
The tale of two Bitcoins
Proponents of Bitcoin and its competing cryptocurrency Bitcoin Cash, which was created as a “fork” of Bitcoin’s code and history, haven’t been on good terms. They regularly take to social media channels to argue which coin is better and which one is more deserving of the “Bitcoin” name.
Bitcoin Cash has a history of ridiculing the original Bitcoin chain – known as Bitcoin Core for clarity purposes – and those developers who work on and promote it. Bitcoin.com owner Roger Ver, a major proponent of Bitcoin Cash, and others have been trying to convince the online community that their altcoin will usurp Bitcoin in the future, citing technical superiority.
The irony of the news that Bitcoin Cash may well have floundered without help from Bitcoin Core was therefore not lost on many of the cryptocurrency space’s best-known names. “Once again Core devs had to save BCash. Play stupid games…,” commentator WhalePanda wrote, while developer Jimmy Song and economist Tuur Demeester joined those highlighting the event.
The right thing to do?
Fields related that, while trying to figure out whether a completely anonymous disclosure was possible, he had begun to question whether it was worth all the trouble, since he had no obligation to report it after all.
“But if someone had discovered an equally nasty bug in Bitcoin Core, I would hope that person would bring it to our attention as discreetly and securely as possible. So I decided to do exactly that: create the report I would want to read and deliver it as I would want to receive it,” said Fields.
Several notable cryptocurrency figures lauded his effort, including Civic CEO Vinny Lingham, who tweeted that “Responsible and ethical behavior by everyone in the community, regardless of ideological beliefs, should be applauded.” Vitalik Buterin, the co-founder of Ethereum, retweeted Lingham’s tweet. Fields’ example shows that it’s still possible to help each other out to the ultimate benefit of all, and underlines the importance of such a positive developer community.