A statement posted on the open source project's website said that BTC versions 0.16.3 and 0.17.0rc4 not only patch a DoS (Denial-of-Service) bug but also address a severe vulnerability that would allow malicious miners to artificially inflate the supply of bitcoin through a specific type of double-spend transaction.
The developers said, “Thus, in Bitcoin Core 0.15.X, 0.16.0, 0.16.1, and 0.16.2, any attempts to double-spend a transaction output within a single transaction inside of a block where the output being spent was created in the same block, the same assertion failure will occur (as exists in the test case which was included in the 0.16.3 patch). However, if the output being double-spent was created in a previous block, an entry will remain in the CCoin map with the DIRTY flag set and having been marked as spent, resulting in no such assertion. This could allow a miner to inflate the supply of Bitcoin as they would be then able to claim the value being spent twice.”
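To make the accounting problem in that statement concrete, here is an added toy model (not code from the article or from Bitcoin Core) of a validator that refuses a transaction listing the same output twice. The UTXO values, the outpoints `A` and `B`, and all function names are constructed for illustration; the model does not reproduce the coin cache or DIRTY flag behaviour the developers describe.

```python
from collections import Counter

# Constructed toy UTXO set: (txid, output index) -> value in satoshis.
A = ("aa" * 32, 0)
B = ("bb" * 32, 1)
UTXOS = {A: 50_000, B: 20_000}


def duplicate_inputs(inputs):
    """Return the outpoints referenced more than once within one transaction."""
    counts = Counter(inputs)
    return sorted(op for op, n in counts.items() if n > 1)


def naive_input_value(inputs, utxos):
    """Sum input values with no uniqueness check.

    A repeated outpoint is counted once per reference, so its value is
    credited twice: the inflation effect described in the statement.
    """
    return sum(utxos[op] for op in inputs)


def validate(inputs, outputs, utxos):
    """Return (ok, reason) for a transaction, checking input uniqueness first."""
    if duplicate_inputs(inputs):
        return False, "duplicate input"
    if any(op not in utxos for op in inputs):
        return False, "missing or spent input"
    if sum(outputs) > sum(utxos[op] for op in inputs):
        return False, "outputs exceed inputs"
    return True, "ok"


if __name__ == "__main__":
    double_spend = [A, A]  # same 50,000-satoshi output listed twice
    print("naive input total:", naive_input_value(double_spend, UTXOS))
    print("checked result:  ", validate(double_spend, [100_000], UTXOS))
    print("honest tx result:", validate([A, B], [69_000], UTXOS))
```
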
Initially, developers had disclosed a lesser but still severe DoS bug that would allow miners to crash nodes and disrupt the Bitcoin network, although doing so would cost them their block reward, currently 12.5 BTC.
According to the statement, the bug had been present in the BTC software since version 0.14 but was not discovered until this week. Version 0.15 then introduced the inflation vulnerability.
Developers explained that they waited to reveal the full extent of the bug to prevent malicious miners from exploiting it before the upgraded client reached critical mass.
From the developers' statement:
“To encourage rapid upgrades, the decision was made to immediately patch and disclose the less serious Denial of Service vulnerability, concurrently with reaching out to miners, businesses, and other affected systems while delaying publication of the full issue to give times for systems to upgrade.”