More than half of the full nodes in the main Bitcoin network still have not installed the Bitcoin Core client update, which eliminated a critical vulnerability that allowed sabotaging the work of 90% of the nodes for double spending. This was reported at the beginning of the month by the Cointelegraph , citing developer Luke Dash Jr.

However, today the situation has not changed. 44.3% of nodes are vulnerable to bug CVE-2018-1744 , another 5.1% work on software with other weak points. At the same time, a completely outdated client is installed on 10% of nodes.

Luke.dashjr data

It is noteworthy that in the majority of open sources about Bitcoin it is usually said that there are 10,000 full nodes, but the Dash Jr. study showed that their real number is nearing 100,000. However, when it comes to the so-called “listening nodes” with open ports for communication with other nodes, their number is really much smaller.

Thus, a Bitcoin blockchain initially makes it impossible to waste one unspent transaction exit (UTXO) in two different transactions. However, several changes had to be made to the protocol to make it as difficult as possible to use a single transaction for UTXO multiple spending, which would increase the total emissions.

In version 0.14.0 of the Bitcoin Core client, developers discovered the possibility of carrying out a DDoS attack on the nodes while trying to realize double waste. In an effort to eliminate the vulnerability, they unintentionally created the possibility of double spending of UTXO in a single transaction and in version 0.15.0: nodes with previous versions of the client recognized such transfers as true.

The vulnerability was discovered in September 2018 and the Bitcoin Core team released an extraordinary client update, but so far most of the nodes use software with a bug.

“All nodes must be upgraded ,” said Dash Jr..

In the case of a “51% attack” on the Bitcoin network, an increase in aggregate emissions recognizes as true only the nodes on which the vulnerable software is installed, he explained. In this case, the network will split into two chains, however, most likely, operators of problem nodes will soon want to return to the original version of the system.

Commenting on the vulnerability of CVE-2018-1744 in an exclusive interview with BlockchainJournal, developer and entrepreneur Jimmy Song said that a theoretical attack on the Bitcoin network would have cost billions of dollars, but its success seems highly doubtful.

Recall that the CVE-2018-1744 bug was applied in practice on the Pigeoncoin network to issue an additional 235 million coins.

Subscribe to the BlockchainJournal news in Telegram: BlockchainJournal Live – the entire news feed, BlockchainJournal – the most important news and polls.