Anonymous User Finds Critical Vulnerability in Bitcoin Core


The cryptocurrency community was taken aback when an anonymous user found a critical bug in the Bitcoin Core reference client. The bug was introduced in Bitcoin Core version 0.14 and affects all versions released since. It could be used by attackers to crash the majority of nodes. Core contributors have already released a patch, fixing Core version 0.16.2 with 0.16.3, the latest version, and an immediate upgrade is required.

Bug Causes Widespread Debate in the Community

The Bitcoin community debated this newly discovered vulnerability. The discussions focused on the fallibility of developers and on whether using a single reference client is better than using multiple implementations. The bug that caused the vulnerability had been present in the system for about two years and remained unnoticed. Core contributors acknowledged the bug, which had been present in the system since November 2016.

The bug was only found after an anonymous individual reported it to the Core contributors. It could have allowed a malicious actor with only 12.5 BTC to crash around 90 percent of the Core nodes and wreak havoc on the Core network. The issue could have been worsened by the Fast Internet Bitcoin Relay Engine (FIBRE) built into Core, because of the way it propagates blocks.

An Optech newsletter described the whole situation as follows:

“[CVE-2018-17144] A bug introduced in Bitcoin Core 0.14.0 and affecting all subsequent versions through to 0.16.2 will cause Bitcoin Core to crash when attempting to validate a block containing a transaction that attempts to spend the same input twice.”

These blocks would be invalid and could only be “created by miners willing to lose the allowed income from having created a block.”
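As an added example, not Bitcoin Core's own code, here is the kind of consensus check the bug concerns: a simplified validator, with constructed transactions and a constructed UTXO set, that rejects a transaction listing the same input twice and a block that spends the same output twice. The type names, reason strings and sample data are assumptions made for this illustration.

```python
from collections import namedtuple

# Constructed, simplified models (hypothetical): an outpoint names a previous
# output, and a transaction lists the outpoints it spends.
OutPoint = namedtuple("OutPoint", ["txid", "vout"])
Tx = namedtuple("Tx", ["txid", "inputs"])


def check_transaction(tx):
    """Per-transaction sanity check: no outpoint may appear twice in one tx.
    Returns (ok, reason); reason strings are illustrative, not Bitcoin Core's."""
    seen = set()
    for op in tx.inputs:
        if op in seen:
            return False, "duplicate input %s:%d in tx %s" % (op.txid, op.vout, tx.txid)
        seen.add(op)
    return True, ""


def check_block(txs, utxo):
    """Block-level validation against a UTXO set (dict outpoint -> value).
    Every spend must reference an unspent output, and the same outpoint may
    not be spent twice anywhere in the block. Returns (ok, reason)."""
    spent_in_block = set()
    for tx in txs:
        ok, reason = check_transaction(tx)
        if not ok:
            return False, reason
        for op in tx.inputs:
            if op not in utxo or op in spent_in_block:
                return False, "tx %s spends missing or already-spent output %s:%d" % (
                    tx.txid, op.txid, op.vout)
            spent_in_block.add(op)
    return True, ""


# Constructed sample UTXO set: two unspent outputs.
UTXO = {OutPoint("aaa", 0): 50, OutPoint("bbb", 1): 25}


def validate_samples():
    """Run three constructed blocks: a valid one, one with a tx that lists the
    same input twice, and one where two txs spend the same output."""
    good = [Tx("t1", [OutPoint("aaa", 0)]), Tx("t2", [OutPoint("bbb", 1)])]
    dup_in_tx = [Tx("t3", [OutPoint("aaa", 0), OutPoint("aaa", 0)])]
    dup_across = [Tx("t4", [OutPoint("aaa", 0)]), Tx("t5", [OutPoint("aaa", 0)])]
    return (check_block(good, UTXO)[0],
            check_block(dup_in_tx, UTXO)[0],
            check_block(dup_across, UTXO)[0])


if __name__ == "__main__":
    print(validate_samples())  # (True, False, False)
```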

Should Multiple Clients Be Introduced?

Some members of the Bitcoin community are fiercely advocating the use of multiple clients. Peter Rizun of Bitcoin Unlimited, posting on Reddit, gave a scenario illustrating why this suggestion could be good. He wrote:

“Wow, isn’t this one of the most serious consensus bugs ever? It affects all BTC Core nodes and the only thing preventing unbound inflation is the fact that the nodes crash, taking down the entire BTC Core network instead.”

Note that the patch was released by Bitcoin ABC, but Bitcoin Unlimited and Bitcoin XT remained unaffected.

Others say that multiple reference clients prove very beneficial when critical bugs that could crash the entire system are detected. Ethereum has found consensus bugs in its Geth client, but it had Parity clients as an alternative. The BTC network runs 9628 nodes, of which 9135, or 94 percent, are Bitcoin Core nodes. Community members are now increasingly talking about reducing dependence on developer QA and bringing client diversity on board.

