A new bug was recently discovered in the Bitcoin (BTC) Core software used by the nodes of the Bitcoin network. The bug would have allowed miners to create a block that crashed any node trying to process it – which would have, at least temporarily, shut down Bitcoin.
Bitcoin Developers Patch Bug
Once discovered, the nature of the bug was quickly communicated in secret to developers of Bitcoin Core, who patched it out before its discovery was announced.
Bitcoin Core is the open source software that allows any member of the crypto community to set up their node for the Bitcoin network. It was initially developed by Satoshi Nakamoto but has been maintained and modified over the years by members of the Bitcoin community. One new patch for Core came out September 17th – a rather important one, as it turns out. A whitehat programmer had discovered a bug in the node software that meant that if a Bitcoin block were minted in a particular way it would bring down any node that tried to process the block.
Two-year-old bug
The bug has been in place since an earlier optimization patch was introduced almost two years ago. One Matt Corallo of Chaincode Labs chose to forego security guidelines to shave off 0.5-0.7ms during checks for duplicate inputs among transactions in the block, inadvertently creating the vulnerability. More worrying than the initial error in judgment, however, is that other members of the Bitcoin Core team greenlighted the 2016 change without catching the mistake – or, apparently, without doing any testing at all.
Ultimately, the vulnerability was never abused. Although no funds were in danger directly, a malicious miner could have used the weakness to bring down the Bitcoin network temporarily – and could have shorted the hell out of Bitcoin just before doing so.
Bitcoin not the only network at risk
Although the vulnerability was introduced into the Bitcoin Core software in 2016, Â it has since made its way into the nodes of other projects, including Bitcoin Cash (BCH), Litecoin (LTC) and Dash (DASH). Although attempts were made to release patches for all affected networks at the same time, ultimately the Bitcoin Core team decided that it was most important to protect Bitcoin as soon as possible. At the time of writing, a little over half the Bitcoin nodes have yet to update to include the patch, but the network would stay up even if the straggler nodes were shut down.
The crypto space has grown explosively in the last several years. It’s easy to marvel at the potential of the technology, and how quickly things move. And then something like this happens. It should serve to remind the community we are still a very young space, and growth pains were accompanying this level of growth can be pretty severe. We got lucky this time.
The bug was discovered by someone who quietly told the developers and got it fixed. Maybe next time someone figures out how to bring down a $100 billion cryptocurrency for a few hours, they do it.
