Developer Explains How to Responsibly Disclose Bitcoin Bugs
Disclosing a bug in the crypto world isn’t as straightforward as you might think. Responsible developers will quietly disclose the bug to an internal team, then publicly release the bug after the exploit has been fixed.
“On April 25, 2018, I anonymously and privately disclosed a critical vulnerability in Bitcoin Cash, one of the world’s most valuable cryptocurrencies — not to be confused with Bitcoin. A successful exploit of this vulnerability could have been so disruptive that transacting Bitcoin Cash safely would no longer be possible, completely undermining the utility (and thus the value) of the currency itself. Instead, the vulnerability was fixed without incident, and publicly disclosed on May 7, 2018.”
The bug, if identified and released, would have been catastrophic. BCH is the world’s fourth largest cryptocurrency. A currency-breaking bug could have impacted billions of dollars’ worth of transactions.
The remainder of Fields’ blog post focuses on how the BCH exploit worked, how it was fixed, and whether or not it could occur with other cryptocurrencies.
“I’m presenting a detailed report of this incident not as a slight against Bitcoin Cash, but as a real-world example of how much work is still required to reach the sophisticated level of engineering that cryptocurrencies require, and as a wake-up call to companies who have not adequately prepared for this type of scenario.”
With that in mind, let’s take a look at how the Bitcoin Cash exploit was discovered, patched, and explained.
The SIGHASH_BUG Could Have Caused Billions of Dollars to Disappear
The Bitcoin Cash development team rewrote a portion of the transaction signature verification code. The new code, however, omitted a critical check of a specific bit in the signature type.
Fields calls this omitted bit the “SIGHASH_BUG”.
If someone else had discovered this exploit, it would have allowed that person to split the BCH blockchain into two incompatible chains.
Chain-splitting bugs are some of the most dangerous bugs for blockchains.
Why Are Chain Splitting Bugs Particularly Dangerous?
Cryptocurrencies like BTC and BCH maintain a distributed ledger of all transactions to participants. To spend coins, the spender must create a transaction that obeys all of the rules of the system. These rules are hardcoded into the bitcoin network. They dictate, for example, that a user can’t send more bitcoin to another user than they own. Other rules dictate how digital signatures should be formatted. These are collectively called “validation rules”.
It’s the bitcoin software’s job to enforce the rules. If a single participant tries to cheat the system and create a transaction that spends more money than a wallet owns, then the other participants’ software will reject that transaction.
The bug mentioned above was particularly dangerous because it could have led to a chain split. The bug allowed a transaction to be considered valid even if all previous versions of the software rejected it as invalid. Here’s how Fields explains it:
“The result is a “chain split,” and it means that only the subset of participants who have upgraded their software will accept the transaction in question. And since transactions and blocks are chained together, the two subsets will disagree on every transaction that follows.”
This is where disaster can occur. If the chain-split isn’t spotted and rectified immediately, and quick action isn’t taken by developers and the community, then the chain will be irrevocably split. The developers would have to quickly align people on one fork or the other. Otherwise, the currency would be split into two incompatible currencies.
You might think this chain-splitting choice is easy. If 1% of the community has upgraded to the new software and supports the new chain, and 99% of the community hasn’t yet upgraded and supports the old chain, then the “main chain” should be obvious. This is true – but it’s more complicated when, say, 50% of users have upgraded to the new software and 50% have not.
“That type of chain-splitting bug is what I discovered in a new version of Bitcoin Cash’s most popular software implementation, but only after half of the network had upgraded to it,” explains Fields.
In other words, when he saw the bug, Fields knew it could lead to a potentially devastating chain-split.
How Did Fields Discover the Bug?
Bitcoin Cash’s primary software implementation, Bitcoin ABC, is software based on Bitcoin Core. Like Bitcoin Core, Bitcoin ABC is open source. Anyone is free to check the code and run it.
Fields had got into the habit of periodically reviewing Bitcoin ABC’s code to see how developers had solved various issues.
“While looking through Bitcoin ABC’s change-logs earlier this year, I noticed that one of the most critical pieces of transaction validation had been refactored. The changes jumped out at me immediately because they seemed so unnecessary. Curious about the reasoning behind them, I took a look at the public review the changes had undergone. There was no justification other than “encapsulation,” it had only two reviewers, and review only lasted a week before the code was accepted.”
Fields was surprised at the lack of verification and debate among the Bitcoin Cash community. A huge portion of Bitcoin ABC’s code had been changed, but the change was quickly approved.
Based on the quick approval process and huge number of lines that had been changed, Fields felt it was likely for a bug to be found. It took him less than 10 minutes to find the SIGHASH_BUG exploit.
Fields Disclosed the Exploit Anonymously
Fields knew the SIGHASH_BUG exploit was serious. It could potentially lead to a chain-split. The bug was also described as “trivially exploitable,” which meant it would be easy for anyone with technical skills to take advantage.
Fields also knew the bug was publicly available. It had taken him just 10 minutes to find the bug in Bitcoin ABC’s open source code. Someone else could discover it quickly. Someone might have already discovered it.
Ultimately, Fields made the decision to submit the bug anonymously. He didn’t want to be accused of targeting the BCH network. If he revealed the exploit under his own name, and then someone carried out the exploit the next day, some would assume it was Fields who had conducted the exploit.
It’s also important to note that Fields has no ties to the Bitcoin Cash project. He’s a Bitcoin Core developer dedicated to improving BTC – not BCH. However, he still made the decision to reveal the potential BCH-breaking bug because:
“if someone had discovered an equally nasty bug in Bitcoin Core, I would hope that person would bring it to our attention as discreetly and securely as possible.”
Eventually, Fields got into contact with a BCH developer, and the Bitcoin ABC team fixed the exploit.
“The Bitcoin Cash vulnerability that I discovered was successfully disclosed and mitigated, and ultimately had no noticeable impact on the cryptocurrency.”
Fields is discussing the issue today in order to bring awareness to how cryptocurrency exploits should work when discovered. If Fields had acted maliciously, or if someone had found the exploit sooner, it could have led to billions of dollars going missing. It would have been more than just a BCH versus BTC debate: it would have been a disaster for the crypto community.
Many well known Cryptocurrency Developers took to Twitter to show their appreciation for how Cory handled the situation.
A great and powerful disclosure by Cory Fields. He has earned a lot of respect for his professional conduct. I also noticed he called it “Bitcoin Cash” throughout the article, very nice. https://t.co/0jqhZYw8Sb
— Cøbra (@CobraBitcoin) August 10, 2018
We would like to thank Cory Fields for his professionalism in responsibly disclosing a bug to Bitcoin ABC, as described in his recent article. https://t.co/BV7KecW7on
— Bitcoin ABC (@Bitcoin_ABC) August 10, 2018
Bitcoin dev Cory Fields discovered a BCH vulnerability that could have resulted in a split chain and substantial loss of funds. He responsibly(and anonymously) reported it to BCH devs and they fixed it before it could be exploited. Read this.https://t.co/wEQ6vkoe9m
— Matt Odell (@matt_odell) August 10, 2018
The responsible way Cory Fields handled the chain-splitting bug he found in Bitcoin Cash shows great character. We need more people like Cory. https://t.co/ZqZYY2TbkE
— Gert-Jaap Glasbergen ⚡️ (@gertjaap) August 10, 2018