This is How a Bitcoin Cash Developer Found One of the Biggest Bugs in BTC History
A mysterious and pseudonymous developer of Bitcoin Unlimited, revealed how he was able to find one of the most important bugs in Bitcoin. In order to prove that he was able to find it, he stamped the hash and included the signature with the PGP key used.
He said that he was working on the new CHECKDATASIG/-VERIFY opcodes that are going to be implemented on Bitcoin Unlimited’s client. Then he noticed that there are divergences in the way that signature operations counting was done in Bitcoin ABC compared to Bitcoin Unlimited (BU).
Then, he realized about a comment in the ABC code base saying:
“Check for duplicate inputs — note that this check is slow so we skip it in CheckBlock.”
He then understood that block validation skips the test. He said that this is something that happens during mempool ingress. After it, the developer patched an ABC node to not relay transactions even when asked. He then connected one unpatched and one patched node together creating a transaction with a duplicate input.
He then realized that the issue was coming from Bitcoin Core (BTC). He then decided to write the encrypted disclosure to Wladimir, a Bitcoin Core maintainer and other developers from BU and ABC.
Then the question raised about what were Bitcoin Core developers thinking when they decided to approve the bug. It was obvious, he explains, that the removal of checks for double spending was a pretty big problem.
It raises the question about conflict of interests on the network or about how they would allow for the creation of BTC out of thin air.
This bug shows that Bitcoin Core developers should pay more attention to what they do and how they review their code. If a bug that is completely obvious made its way in, then, there is something that is failing.
At the moment, there are some nodes that remain vulnerable to the inflation bug. An alert should have been sent to nodes, letting them know that they have to make an upgrade. This alert system would not have interfered with the codes users run.
Because of finding this bug, BTC donations for him raised 0.03 BTC, while he was able to gather 36 BCH in donations as well.
I am responsible for the CVE-2018-17144 bug. https://t.co/BrPVivM296
— John Newbery (@jfnewbery) September 24, 2018
This is noble of John, but this responsibility doesn’t fall on 1 person or 3 people or 10 people. Let this be the industry’s wake up call 🔔So many companies sit idly by taking advantage of the hard work of others. Some have the nerve to point fingers. HELP DEVELOPMENT https://t.co/jkV6vcTmLu
— Alan Silbert ⚡️ (@alansilbert) September 24, 2018