BTC Wires

Vulnerable Bug Found In Bitcoin Core Conjures Multiple Client Argument

The cryptocurrency community has been discussing a critical vulnerability over the last 24 hours. The bug was found in the Bitcoin Core (BTC) reference client. Introduced in Core version 0.14, it affects all subsequent versions and could have crashed the vast majority of current Core nodes. As reported in the developers' Optech newsletter, Core contributors released a patch for Core version 0.16.2, and the latest fix, 0.16.3, should be installed immediately.

An Unknown Person Discloses A Vulnerable Bug Found in Bitcoin Core Clients

The entire community is discussing a critical bug that was introduced into the BTC reference client two years ago. The problem, found in BTC software versions 0.14 and above and now patched, has sparked another heated discussion about the fallibility of developers and the risk of relying on a single reference client rather than multiple implementations. The bug was introduced in November 2016 and went unnoticed for two years; the vast majority of Core contributors accepted the change without many questions.

According to developers, the patch's release notes state that an anonymous individual reported the critical bug to Core contributors. Importantly, the vulnerability in the BTC software would have allowed a malicious actor with just 12.5 BTC to crash roughly 90% of Core nodes. The FIBRE (Fast Internet Bitcoin Relay Engine) support baked into Core would have made matters even worse owing to the way it propagates blocks.

The Optech newsletter explains, “[CVE-2018-17144] A bug introduced in Bitcoin Core 0.14.0 and affecting all subsequent versions through to 0.16.2 will cause Bitcoin Core to crash when attempting to validate a block containing a transaction that attempts to spend the same input twice”.
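To make the failure mode concrete, here is a small model of block validation written for this page; it is constructed illustration, not Bitcoin Core's source. It assumes the widely reported shape of the defect: a per-transaction "no input listed twice" check that was skipped on the block-validation path, while the UTXO-update step still asserted that every coin being spent was unspent. A transaction listing the same outpoint twice passes the input-existence check (the coin exists when both entries are checked), then the second spend trips the assertion, modelled here as `NodeCrash`. With the check enabled, the same block is simply rejected. The UTXO set, transaction and function names are all constructed for the example.

```python
# Constructed model of the duplicate-input bug described above (CVE-2018-17144).
# Illustrative code for this page, not Bitcoin Core's implementation.
from dataclasses import dataclass
from typing import Dict, List, Tuple, Optional


@dataclass(frozen=True)
class OutPoint:
    """Reference to a transaction output: (txid, output index)."""
    txid: str
    vout: int


@dataclass
class Transaction:
    txid: str
    inputs: List[OutPoint]   # coins this transaction spends
    outputs: List[int]       # amounts of the outputs it creates


class BlockRejected(Exception):
    """Block failed consensus validation and is discarded; the node keeps running."""


class NodeCrash(Exception):
    """Models an internal-consistency assertion failing, i.e. the node process aborting."""


def has_duplicate_inputs(tx: Transaction) -> bool:
    """The cheap per-transaction check whose absence on the block path caused the bug."""
    seen = set()
    for op in tx.inputs:
        if op in seen:
            return True
        seen.add(op)
    return False


def validate_and_apply(utxo: Dict[OutPoint, int], txs: List[Transaction],
                       check_duplicate_inputs: bool = True) -> Dict[OutPoint, int]:
    """Validate a block's transactions against a copy of the UTXO set and return the new set.

    check_duplicate_inputs=False models the vulnerable 0.14-0.16.2 block path (assumption:
    the check was skipped there); True models the behaviour restored by the fix.
    """
    utxo = dict(utxo)  # never mutate the caller's set on a failed block
    for tx in txs:
        if check_duplicate_inputs and has_duplicate_inputs(tx):
            raise BlockRejected(f"{tx.txid}: spends the same input twice")

        # Input-existence check: every referenced coin must currently be unspent.
        # A duplicated input passes this twice, because the coin is still present both times.
        for op in tx.inputs:
            if op not in utxo:
                raise BlockRejected(f"{tx.txid}: references missing or spent coin {op}")

        # UTXO update: spend inputs, then create outputs. Spending a coin that is no
        # longer present violates an internal invariant, modelled as a node abort.
        for op in tx.inputs:
            if op not in utxo:
                raise NodeCrash(f"{tx.txid}: invariant violated, coin {op} spent twice")
            del utxo[op]
        for n, amount in enumerate(tx.outputs):
            utxo[OutPoint(tx.txid, n)] = amount
    return utxo


# Constructed starting UTXO set: two unspent coinbase outputs.
CONSTRUCTED_UTXO = {OutPoint("coinbase-1", 0): 50, OutPoint("coinbase-2", 0): 50}

# Constructed blocks: one honest, one whose transaction lists the same input twice.
HONEST_BLOCK = [Transaction("tx-a", [OutPoint("coinbase-1", 0)], [20, 30])]
DOUBLE_INPUT_BLOCK = [Transaction("tx-b", [OutPoint("coinbase-1", 0), OutPoint("coinbase-1", 0)], [100])]


def outcome(txs: List[Transaction], check_duplicate_inputs: bool) -> Tuple[str, Optional[int]]:
    """Return ('applied', utxo_size), ('rejected', None) or ('crashed', None) for a block."""
    try:
        new_set = validate_and_apply(CONSTRUCTED_UTXO, txs, check_duplicate_inputs)
        return ("applied", len(new_set))
    except BlockRejected:
        return ("rejected", None)
    except NodeCrash:
        return ("crashed", None)


if __name__ == "__main__":
    print("honest block, check on :", outcome(HONEST_BLOCK, True))
    print("double input, check on :", outcome(DOUBLE_INPUT_BLOCK, True))
    print("double input, check off:", outcome(DOUBLE_INPUT_BLOCK, False))
```

The point for defenders is the asymmetry between the two outcomes: a rejected block costs the attacker the block reward they burned to mine it and costs the node nothing, whereas an assertion failure takes the node offline until it is restarted, which is why a mined block was enough to threaten the majority of the network.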

The recent bug report demonstrates to many cryptocurrency proponents that depending on a single development team's QA process can be dangerous, especially when such an exploit is found in production software tethered to a $100 billion system.