With Bitcoin currently holding a position as the largest cryptocurrency by market capitalization, people often assume its ecosystem is the crème de la crème of all blockchain architectures. On the contrary, with news of yet another bug that may have gone unnoticed for close to two years, it could be argued that it is one of the most vulnerable.
The latest bug had no effect on the core protocol itself. Instead, it was a software-born issue created within Bitcoin Core version updates 0.14.0 up to 0.16.2, which inadvertently introduced a dangerous denial-of-service (DoS) vulnerability.
In response, Bitcoin Core developers have released version 0.16.3, recommending all relevant nodes are upgraded immediately.
Bitcoin Core Bug Could Have Affected 95% Of All Bitcoin Nodes
Bitcoin Core software connects to the network as a full node, using its code to dictate a transaction verification engine designed to validate the entire blockchain.
Thankfully, a white hat coder discovered that if you input a random number into the code used to determine how a block of Bitcoin transactions is added to the network, it was possible to create an invalid block with the potential to split off entire clusters of nodes.
This was made possible because sometime between 2016 and 2018 amidst core updates, the duplicate-input check was apparently purposely removed from the CheckTransaction value to speed up the network. Had it remained in place, any node using the core software would reject the invalid block and continue. Instead, with the absence of the duplicate-input check, nodes would not know how to handle the corrupted block and would subsequently shut down, thus causing the DoS bug.
Consequently, with an overwhelming majority of 95% of Bitcoin’s nodes currently utilizing Bitcoin Core, any miner with the right motive could have brought Bitcoin to its knees by transmitting the fatal block across nearly the entirety of the Bitcoin ecosystem, shutting down nodes and fracturing the network in a manner that would effectively render BTC useless.
Miraculously, malicious hackers seem to have missed this bug, making this a narrow escape for the cryptocurrency. Even more so when you consider this bug may have existed for almost two years.
Miners Could Have Spent Just $80,000 To Crash The Leading Cryptocurrency
Ironically enough if someone did want to exploit the DoS bug, it would have cost the malicious individual just 12.5 BTC in block rewards to manufacture the ground-breaking block.
It is safe to say that for this price, it would have only been a matter of time before any number of government agencies, hackers or competitors with a reason to destroy Bitcoin would have made the investment to bring down the world’s largest cryptocurrency had they known it was possible.
At the very least, this was the ideal opportunity to spend a bargain, $80,000 in this case, to cause enough havoc to damage both consumer and institutional confidence in a market that continually teeters on the edge, so to speak.
Multiple Cryptocurrencies Have Applied Bug Fixes in 2018
According to the well-known and respected computer science professor Emin Gün Sirer of Cornell University, bugs are a common issue with multiple cryptocurrencies.
Looks like the bug fix made its way to Litecoin, but only after the BTC fix was announced. Does not look like Litecoin devs were notified of the bug prior to patch.
Copycat currencies are at risk. By definition, there’s always a group upstream that knows their vulnerabilities.
— Emin Gün Sirer (@el33th4xor) September 19, 2018
In his tweet, he mentioned Litecoin recently had to apply a fix, which is almost certainly due to the fact that LTC takes advantage of Bitcoin Core code. It then stands to reason that any other digital currencies using the same software code will also need to apply their own fix. With this being the case, this raises some serious concerns.
This was not just some walk in the park bug that could have only caused some minor disruptions. It was a ‘major flaw’ in the Bitcoin Core software that had the potential to cost individuals billions of dollars. Yet, none of the entites using the Bitcoin Core software’s code appear to have ever reported discovering a bug. Developers at Bitcoin and other associated firms will need to seriously investigate how this flawed code has managed to hit the Bitcoin mainchain after run-ins with well-established development teams and gone unnoticed.
Just recently, Bitcoin Cash had to announce that it detected a chain splitting bug, forcing the project’s developers to deploy an update to fix the issue. Plus, TRON (TRX) also had to tighten up its code after it paid out $25,000 to hackers, resulting in the introduction of its bug bounty reward.
Let’s hope that as blockchain technologies evolve so will security checks, processes, and eventually, these bugs or errors caused by updates are eradicated. Maybe TRON’s bug bounty reward is a tactic that all blockchain systems should encourage for the future.
One thing is for sure — Bitcoin has had a lucky escape. There are surely plenty of hackers and haters out there that are kicking themselves for not discovering the gaping hole in the Bitcoin Core code before an unsaid hero, the aforementioned anonymous white hat coder, came along to save the day as well as millions of BTC investors’ hard-earned crypto.