Bitcoin Core (BTC) Mining Bug Sees Fix As Nodes Could Crash and Burn New Coins
BTC Developers Missed “Very Scary” Duplicate Transaction Bug That Could Have Crashed the Entire Network
A bug was revealed in bitcoin (BTC) this past week that could have collapsed the entire network. The duplicate transaction bug allowed miners willing to burn 12.5 BTC to crash Bitcoin Core nodes, potentially harming the network.
The bug was fixed earlier this week, although it’s still in the process of rolling out to Bitcoin Core nodes. Bitcoin Core nodes were the only ones affected by the exploit on the BTC network.
The bug was mostly a problem for the BTC network, although Bitcoin ABC nodes on the Bitcoin Cash (BCH) network could also have been affected by the bug.
Meanwhile, any cryptocurrencies based on bitcoin’s code were also affected by the bug. Litecoin, for example, is affected by the exploit and LTC developers have not yet released a patch. DASH released a patch earlier today.
One of the craziest things about this bug is that it went unnoticed for two years: the update introducing the bug to bitcoin was first added in October 2016.
The issue was first publicly mentioned by Cobra, the owner of Bitcoin.org, on September 18, 2018. Cobra tweeted a warning about “a very scary bug” in Bitcoin Core, although he fortunately waited until after the issue had been patched before alerting the public:
“A very scary bug in Bitcoin Core has just been fixed which could have crashed a huge chunk of the bitcoin network if exploited by any rogue miners.”
An updated version of Bitcoin Core, version 0.16.3, had been released earlier in the day. That version does not have the exploit.
How Did the Exploit Work?
Full details of the bug have been trickling out over the past few days.
It’s believed that the exploitable bug was found in versions 0.14.0 and 0.16.2 of Bitcoin Core. The bug was assigned CVE-2018-17144 [Common Vulnerabilities and Exposures], and it effectively enables a denial of service (DoS) attack.
This specific issue relates to double spend transactions: transactions that try to spend the same input twice. According to a writeup on GitHub, a node would have crashed when it attempted to validate the block containing such a transaction.
Let’s say a rogue miner wanted to bring down the bitcoin network. For the past two years, from October 2016 to this past week, bitcoin had such an attack vector. A bitcoin miner could have designed a block that would have brought down all other mining nodes.
Thankfully, the bug has since been fixed by adding back a check of each transaction for duplicated inputs, preventing the double spend issue.
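As an added illustration, not Bitcoin Core’s own code, here is a minimal model of the duplicate-input check in CheckTransaction that the 2016 change removed and the 0.16.3 fix restored; the type names are simplified stand-ins, the sample transactions are constructed, and the rejection strings follow Bitcoin Core’s naming.

```cpp
#include <array>
#include <cstdint>
#include <set>
#include <string>
#include <utility>
#include <vector>
// An outpoint names the coin being spent: creating txid plus output index.
struct OutPoint {
    std::array<uint8_t, 32> txid;
    uint32_t n;
    bool operator<(const OutPoint& o) const {
        return txid != o.txid ? txid < o.txid : n < o.n;
    }
};
struct TxIn { OutPoint prevout; };
struct Transaction { std::vector<TxIn> vin; };
// Stand-in for the consensus-level sanity check. Returns true when the
// transaction is well-formed; otherwise `reason` holds the rejection string
// (the strings follow Bitcoin Core's naming).
bool CheckTransaction(const Transaction& tx, std::string& reason) {
    if (tx.vin.empty()) { reason = "bad-txns-vin-empty"; return false; }
    std::set<OutPoint> seen;  // the check the 2016 change removed
    for (const TxIn& in : tx.vin) {
        // A prevout seen twice in one transaction is a double spend: reject.
        if (!seen.insert(in.prevout).second) {
            reason = "bad-txns-inputs-duplicate";
            return false;
        }
    }
    reason.clear();
    return true;
}
// Returns the rejection reason, or "" when the transaction passes.
std::string RejectReason(const Transaction& tx) {
    std::string reason;
    CheckTransaction(tx, reason);
    return reason;
}
// Builds a constructed sample transaction from (txid fill byte, index) pairs.
Transaction MakeTx(const std::vector<std::pair<int, int>>& ins) {
    Transaction tx;
    for (const auto& p : ins) {
        TxIn in{};
        in.prevout.txid.fill(static_cast<uint8_t>(p.first));
        in.prevout.n = static_cast<uint32_t>(p.second);
        tx.vin.push_back(in);
    }
    return tx;
}
```

Without this check, a block-level validator that assumes each coin is spent at most once per transaction has to cope with the second spend somewhere else, which is exactly the path that brought nodes down.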
TrustNodes Identifies the Developer Responsible for the Bug
In their writeup on the exploit from earlier today, TrustNodes identified the specific developer responsible for the bug, as well as other developers who checked the code and verified it:
“It seems Matt Corallo of Chaincode Labs is to be blamed for this bug, as well as a number of other Bitcoin Core devs who approved of it, including Gregory Maxwell who did so without any testing. In fact, on the surface, it looks like none of them tested this code change proposed on Halloween 2016.”
The specific change in question removed “duplicate-input check from CheckTransaction” with the goal of saving “about 0.5-0.7ms during CheckBlock.”
The bug was identified by an anonymous whitehat coder who alerted the community on September 17, 2018.
There’s Something Fishy About the Bitcoin Core Exploit and the Reaction to It
The TrustNodes report identified several suspicious things about this latest Bitcoin Core exploit. TrustNodes suggests the exploit could have a connection to the BTC versus BCH chain split – something that occurred about one year after the exploit was introduced.
The controversy surrounds Matt Corallo, the man who introduced the exploit to the code. Did Corallo intentionally introduce the bug to the code? Here’s what TrustNodes has to say:
“Moreover, the apparent lack of testing leaves us no option but to raise the suggestion that this bug was perhaps intentionally merged into Bitcoin Core with the potential aim of it being utilized in the case of a chain-split. Matt Corallo himself, during the height of the blocksize debate, told miners there were catastrophic bugs which could be exploited in the case of a chain-split.”
There are other unusual things about the exploit. The exploit was revealed by an anonymous whitehat coder, for example. It’s unclear how that coder identified the bug after two years of it going unnoticed, or what that coder’s connection to the project may be.
Bitcoin also went through an unusual price movement during the lead-up to the bug’s release: on September 17, the price of bitcoin rapidly plummeted from $6500 to $6200, with other cryptocurrencies following suit. Later that day, a pull request to fix the bug was made. The timeline for the bug’s disclosure is uncertain, but it appears the price of bitcoin started slipping well before the bug was released to the public.
BCH Had a Similar Exploit Earlier This Summer
Earlier this summer, it was revealed that a BTC developer had noticed a devastating bug in BCH’s code during an ordinary check. That developer quietly alerted the BCH development team of the exploit, and the exploit was patched. The BCH exploit would have crashed the BCH network, potentially damaging BCH irreparably.
News of that exploit became public after it had been patched. The BCH development community faced criticism – rightfully so – for allowing the bug to go unnoticed in a recent update. Some BTC supporters took it a step further and claimed that exploits like this were the reason BCH would fail and why BTC was the true version of bitcoin.
Now, those BTC supporters are eating their words as it’s been revealed that BTC could have been affected by a similarly devastating bug.
Nevertheless, many see a silver lining around this exploit. One commenter on Cobra’s post said the following, for example:
“Forget about the BUG for a moment, but just go through the PEER REVIEW & the VERIFICATION done by respective Developers/QAs. It’s just AWESOME. I haven’t seen such a STRONG DEVELOPMENT & QA Team in any PROJECT. Also, look at the logs, thy r just beautiful.”
Another BTC fan claimed this exploit was proof that there are no rogue miners in the bitcoin network:
“Perfect example that there are no rogue miners in the #bitcoin network.”
Ultimately, the bitcoin community responded appropriately to this issue. The exploit was noticed and patched before any malicious actors could attack it. The update is already rolling out to Bitcoin Core nodes. However, the damage to the reputation of key BTC developers could last much longer.