Bitcoin Core, a free and open-source software that serves as a bitcoin node has patched a serious vulnerability. A major bug in bitcoin core could have crashed the network. Bitcoin core is considered to be bitcoin’s reference implementation and is the most used implementation by a large margin.
A bug found in Bitcoin Core version 0.14, that also damages all upcoming versions, could have caused a great majority of current Core nodes to crash. According to the developer’s patch release notes, developers released a patch that fixes Core version 0.16.2 and the recent 0.16.3. This fix requires an instant upgrade.
The documentation explains the bug as a “denial-of-service vulnerability” that was found in the Bitcoin Core in an update last year. The vulnerability primarily allowed miners to predict a number that adds a block of Bitcoin transactions to the blockchain for a reward. It also allowed the creation of a poisoned block by inserting a transaction that tries to spend the same coins twice. This poisoned block could then be sent around the Bitcoin network, crashing the software of any client that receives it.
The bug was not in the Bitcoin protocol but in its most popular software implementation. Some cryptocurrencies built using Bitcoin Core’s code were also affected. The Litecoin patched the same vulnerability on Tuesday, reported VICE.
The bug was explained by a Bitcoin.org co-owner @CobraBitcoin on Twitter, as “very scary.” The co-owner said that
A very scary bug in Bitcoin Core has just been fixed which could have crashed a huge chunk of the Bitcoin network if exploited by any rogue miners.
Bitcoin Core
The software was released by Satoshi Nakamoto under the name “Bitcoin”, and after that renamed to “Bitcoin Core” to differentiate it from the network. For this reason, it is also called as the Satoshi client. As of 2018, Bitcoin Core repositories are monitored and maintained by a team of maintainers, with Wladimir J. van der Laan leading the release system.
Bitcoin Core comes with a transaction verification engine and connects to the bitcoin network as a full node. Not only this, a cryptocurrency wallet which can be used to transfer funds is also installed by default. The wallet enables the sending and receiving of bitcoins. It does not promote the buying or selling of bitcoin. It enables clients to produce QR codes to receive payment.
Emin Gün Sirer, an associate professor of computer science at Cornell University told Vice that
For less than $80,000, you could have brought down the entire network. That is less money than what a lot of entities would pay for a 0-day attack on many systems. There are many motivated people like this, and they could have brought the network down.
How To Upgrade?
The patch release has further instructed about the upgradation process. Following are the steps:
The patch release has also given a downgrading warning. Wallets created in 0.16 and later are not compatible with versions prior to 0.16 and will not work if users try to use newly created wallets in older versions. Existing wallets that were created with older versions are not affected by this. This vulnerability is monitored as CVE-2018-17144 and is called as a simple “denial of service” (DoS) attack.
Sirer further stated,
The fact that lots of people are using something doesn’t mean they’re critically looking at its code, or that they’re not blind to fundamental mistakes. The one thing that does help is to have multiple versions of the same software. Another lesson from this episode is that monocultures are very dangerous.
Bitcoin core developers have also suggested users to upgrade any of the vulnerable versions to 0.16.3 as soon as possible. The patch release has also given credit to the anonymous reporter who reported this vulnerability.
A few days ago, the ‘unknown person’ who notified the popular Bitcoin Cash developer Bitcoin ABC of the critical ‘Chain-Splitting’ bug was revealed to be a Bitcoin Core developer. His name was Cory Fields and he anonymously reported the consensus bug, known as SIGHASH_BUG in April 2018. A so-called ‘chain-splitting’ bug, the vulnerability “would have allowed a specially crafted transaction to split the Bitcoin Cash blockchain into two incompatible chains.
Follow us on Twitter, Facebook, Steemit, and join our Telegram channel for the latest blockchain and cryptocurrency news.