Bitcoin Developers Are Encouraging Crypto Users To Review The Code After Latest Catastrophic Bug Discovery
The bitcoin community has been rocked by two major bugs over the last few weeks: one in the BCH network and another in Bitcoin Core. Based on these two bugs, some experts are encouraging bitcoin users to review the code more frequently.
“Bitcoin (BTC) hodlers urged to review its code more often,” writes John P. Njui at Ethereum World News.
“The news of a software bug being found in the codebase of bitcoin might have gone unnoticed by many crypto enthusiasts last week. Many conspiracy theories have been put forth as to why the news was not popularized by mainstream media in a manner similar or equal to how the Bitcoin ETF standoff at the SEC has been reported. However, the fact remains that there was a critical bug that was found and fixed without much of the crypto-community knowing about it.”
For those out of the loop, the bitcoin community was rocked by two major bugs over the summer. Both bugs were quietly patched before they were publicly disclosed.
In an interesting twist, the first bug, which affected BCH, was discovered by a BTC developer, while the second, in Bitcoin Core, was discovered by a BCH developer. Both bugs had the potential to crash their respective networks.
Bitcoin Core made a full disclosure of the bug on its website, saying:
“CVE-2018-17144, a fix for which was released on September 18th in Bitcoin Core versions 0.16.3 and 0.17.0rc4, includes both a Denial of Service component and a critical inflation vulnerability. It was originally reported to several developers working on Bitcoin Core, as well as projects supporting other cryptocurrencies, including ABC and Unlimited on September 17th as a Denial of Service bug only, however we quickly determined that the issue was also an inflation vulnerability with the same root cause and fix.”
These bugs are huge news for the bitcoin community. Bitcoin hasn’t witnessed a major bug fix like this in years. BCH and BTC users can consider themselves very lucky that a bad actor didn’t discover the bugs before a benevolent developer. In the case of the Bitcoin Core bug, anyone willing to burn 12.5 BTC could have disrupted the BTC network, causing potentially catastrophic consequences for the world’s biggest cryptocurrency.
Yes, these bugs are huge news. However, they’ve largely been under-reported in the bitcoin community. Mainstream media will gleefully report on each bitcoin ETF denial and price crash. As Njui points out above, though, there’s been limited attention on these two new bugs.
Verge (XVG) Markets Still Haven’t Recovered From A Similar Bug
Back in May, it was revealed that Verge (XVG) had a devastating bug that allowed miners to mine XVG out of thin air. The hack occurred in mid-May and XVG prices have not yet recovered.
Njui compares the XVG bug to the bitcoin bugs. Both bugs could have had devastating consequences on the blockchain.
The bitcoin bug, however, didn’t make a ripple on the markets:
“The bug found on the bitcoin code was grounds for a catastrophic panic selling event; but this did not happen.”
Bitcoin Holders, Investors, And Users Need To “Take Full Ownership” Of Bitcoin’s Code
Bitcoin isn’t a centralized entity. There’s no bitcoin HQ responsible for releasing each new update to the bitcoin protocol.
When Facebook releases a software update with a backdoor into its servers, you can reasonably blame Facebook.
When a flaw is discovered in the bitcoin protocol two years after it was first approved by the community, then it’s more difficult to assign blame.
One of the reasons bitcoin is “trustless” is that we don’t need to trust a centralized entity when they tell us the code is safe: we know the code is safe because we can check it on GitHub at any time.
Of course, the vast majority of bitcoin users have never checked the bitcoin code. Even the world’s best and brightest bitcoin developers left a devastating bug in the code for years without detection.
So who’s to blame? Here’s what software developer Pierre Rochard has to say about assigning blame after this latest bug:
Every Bitcoin holder that has the means to do so or Bitcoin business that is profitable should take full ownership of Bitcoin code review, whether it’s by performing code reviews themselves or hiring devs to do it for them. Frankly, no excuses not to. https://t.co/jXksBfWM0b
— Pierre Rochard (@pierre_rochard) September 23, 2018
In a follow-up tweet, Rochard added that:
Bitcoin is only trustless if you trust the code. The only way to trust the code is to work with it. The Bitcoin Core software project is very welcoming to new contributors, new reviewers, and – if you're up for the challenge – new maintainers. https://t.co/tiRZygOLnk https://t.co/h0izj5eRFS
— Pierre Rochard (@pierre_rochard) September 24, 2018
Rochard advocates taking ownership of the bitcoin code: as members of the bitcoin community, it’s our responsibility to check the code. The more people checking the code, the less likely a bug will escape undetected. Bitcoin works best when there are lots of talented people working on it.
Of course, asking every bitcoin hodler to hire a developer to check the bitcoin code is a little ridiculous.
“There Are More Mistakes Coming”
Members of the bitcoin community are angry at the devs for letting the bug go undetected for two years. Developers, meanwhile, are angry that the community didn’t notice the bug for two years.
The crypto community is split into two sides. Most people, however, seem to be siding with developers.
Here’s what self-described “bitcoin maximalist” and “crypto-anarchist” Robert Spigler had to say about the issue on Twitter:
Nothing is making me angrier than #Bitcoin users getting angry at devs for this recent inflation bug. They have devoted, for free, years of their time and changed the course of human history. In doing so, they have made ONE mistake. Shame on you all.
— Robert Spigler 🔑 (@RobertSpigler) September 23, 2018
In response to that tweet, network designer Michal Pecek added that:
There are more mistakes coming. That is inevitable. The question I would focus on is: Why the code change didn't break any test? It is much easier to write good tests (but still huge job to be done) than trying to review all the code and find all the bugs (close to impossible).
— Michal Pecek (@michal_pecek) September 24, 2018
Conclusion
Bitcoin developers patched a bug last week. That bug was never exploited but had the potential to be catastrophic if discovered by a malicious party. Moving forward, the development team expects to review code changes more carefully, and they’re encouraging the bitcoin community to help them with that task.