On Tuesday, September 18, an unscheduled release of the Bitcoin Core client under version 0.16.3 took place, which eliminated a critical vulnerability that threatened the DOS attack on the network. The exploitation of the bug was, however, not an easy task, and fortunately no one took advantage of them.
Bitcoin Core 0.16.3 was released: https://t.co/SsbsJsqSTo
Upgrade recommended due to vulnerability fix– Bitcoin Core Project (@bitcoincoreorg) 18 September 2018
As they say in the accompanying comments of Bitcoin Core developers, the vulnerability was told by the user who wished to remain anonymous. The exploitation of the bug, which was called CVE-2018-1744 , allowed an attacker to disrupt almost 90% of the nodes, and only 12.5 BTC would be required to carry out the attack – the size of the reward currently received by the miners for the block found. Built in Bitcoin Core and designed to speed up the distribution of blocks, the Fast Internet Bitcoin Relay Engine (FIBRE) engine could make the situation worse.
The Optech mailing list explains that the bug CVE-2018-17144 appeared in the Bitcoin Core 0.14.0 release, which was released in November 2016, and affected all subsequent versions up to 0.16.2. Its operation allowed to disrupt the network when trying to validate a block containing a transaction that tries to spend twice the same input. Such a block would be invalid and could only be created by miners willing to give up the loss of a reward of 12.5 BTC (about $ 80,000 at the current rate).
The operators of nodes, respectively, are urgently advised to upgrade to the new Bitcoin Core version or to the new BitcoinABC version for the Bitcoin Cash network. Bitcoin Unlimited client did not affect the vulnerability. The release of the necessary fix was reported by the developers of Litecoin.
The developers also emphasized the fact that the identified vulnerability could have very negative consequences for the Lightning Network, which is still in the experimental stage of the network for fast and cheap transactions.
It is worth noting that this vulnerability was the result of the so-called human factor, and it is the responsibility of those developers who approved the advisory code change. Among them were, for example, Gregory Maxwell, Vladimir van der Laan and Matt Corallo.
However, as the developer of OpenBazaar Chris Spasia commented on this situation, he does not criticize the perpetrators, but criticizes the "idiots-minimalists" who see the developers of Bitcoin Core as almost all gods.
Bugs happen. This is a fact of life. I'm not criticizing them for having a bug. I'm criticizing the idiot minimalists who insist Core developers are God-like individuals and certainly The Best Devs in the World ™
– Chris Pacia (@ChrisPacia) 18 September 2018
On the part of Bitcoin Core developers, no statements have yet been made as to whether any analysis of the incident will be conducted and whether a public report on the causes of the incident will be made and how to avoid the recurrence of such cases in the future.
Earlier, BlockchainJournal wrote about the upcoming release of Bitcoin Core 0.17.0 .
Subscribe to BlockchainJournal news in Telegram: BlockchainJournal Live – all news feed, BlockchainJournal – the most important news and polls.
BlockchainJournal.news
