Bitcoin Core issues quick upgrade to fix a critical bug

Leo Zhang

By Leo Zhang

Cryptocurrency systems are highly intricate. Despite being in existence for a decade, Bitcoin still experiences technical turbulance from time to time. This week, a rather severe bug was discovered that has the potential to crash over 30 percent of the nodes, if it were to be discovered and exploited. The vulnerability was first introduced in the version released in March 2017, but was not discovered until early this week. Bitcoin Cash, Litecoin, and DASH were also effected. The Core developers quickly reacted to the threat and released a patch, and urges node operators to upgrade.

The disclosure below describes the timeline of the discovery, and how developers decided to communicate the vulnerability to public. This is a reminder that despite the market euphoria and media attention, cryptocurrency systems are still experiments.

Bitcoin Optech newsletter #13

"Upgrade to Bitcoin Core 0.16.3 to fix denial-of-service vulnerability: a bug introduced in Bitcoin Core 0.14.0 and affecting all subsequent versions through to 0.16.2 will cause Bitcoin Core to crash when attempting to validate a block containing a transaction that attempts to spend the same input twice. Such blocks would be invalid and so can only be created by miners willing to lose the allowed income from having created a block (at least 12.5 XBT or $80,000 USD)."

CVE-2018-17144 full disclosure
(Bitcoin Core)

"In order to encourage rapid upgrades, the decision was made to immediately patch and disclose the less serious Denial of Service vulnerability, concurrently with reaching out to miners, businesses, and other affected systems while delaying publication of the full issue to give times for systems to upgrade. On September 20th a post in a public forum reported the full impact and although it was quickly retracted the claim was further circulated.

At this time we believe over half of the Bitcoin hashrate has upgraded to patched nodes. We are unaware of any attempts to exploit this vulnerability.

However, it still remains critical that affected users upgrade and apply the latest patches to ensure no possibility of large reorganizations, mining of invalid blocks, or acceptance of invalid transactions occurs."

Technical Updates

Bitmain announces next-generation ASIC chip
(Bitmain)

"The new ASIC SHA256 algorithm acceleration chip carefully built by Bitmain uses one of the world’s most advanced semiconductor manufacturing technologies, 7nm FinFET. The ASIC chip integrates more than a billion transistors and is optimized for maximum efficiency. Thanks to its unique circuit structure and low power technology, it is stable and more efficient. Mr. Wu said tests have shown that the chip can achieve a ratio of energy consumption to the mining capacity that is as low as 42J/TH."

List of lectures on cryptography

Development on Lightning API

Cryptoeconomics and mechanism design
(Hackernoon, by Amber Cazzell)

"To be sure, the same mental heuristics that gave rise to behavioral economics will ring true of digital currencies. Still, dismissing the usefulness of behavioral cryptoeconomics as a sub-discipline would be foolish. I’ve outlined five important aspects of digital currencies that represent a point of departure from how humans are likely to interact with fiat currencies."

News & Commentary

Commentary on Ripple price jump

Fascinating story about penny stock manipulation

Travis Kling: the secrets of a crypto trader

Tether's impact on Bitcoin price not 'statistical significant', study finds
(CoinDesk, by Brady Dale)

"Wei's research focuses on the volume of USDT in the market and changes to that volume. It does not address controversies around the amount of U.S. dollars actually backing USDT."