Last Monday, a bug was discovered in the Bitcoin Core software that would allow a miner to take down large parts of the network and even create bitcoins out of thin air. It was responsibly disclosed to the Core developers, who quickly published a patch for the bug. Now that the dust is settling, what have we learned?
The bug was discovered by Bitcoin Unlimited (BU) developer Awemany. He was working on the code for a few new OP codes and how the BU and Bitcoin ABC implementations verify things differently.
In the code for ABC, he noticed a small optimization that removed a verification step when receiving a block. This optimization shaved 600ms off validation time. By creating transactions with duplicate inputs, Awemany was able to crash ABC nodes at will.
Immediately, he started the process of disclosing the bug to Bitcoin ABC devs. He timestamped his find and started digging deeper. Hoping that the bug had been introduced in a patch that hadn’t yet been released, Awemany looked for the original pull request that introduced it.
Bitcoin ABC was forked from Core in July 2017, meaning up to that point they have an identical codebase. The bug was merged into Core all the way back in 2016.
He talks about his discovery of the bug and his perspective as the developer who discovered it in a fantastic article posted on his Medium page that you can find here if you’d like to read the full article.
At the time, Awemany created a new pseudonym “beardnboobies” to disclose his findings. He sent an encrypted email to several Core and ABC developers explaining the exploit and providing patched-to-attack versions of both implementations.
The problem was quickly patched on Core’s Github. Top mining pools and exchanges were alerted, with most mining nodes patched within hours of the email. Three days after the discovery, on September 20th, Core released their Full Disclosure report
The bug originally was only suspected to be a crash bug. But as researchers looked closer, it was found this bug was much worse.
What Exactly Did the Bug Do?
The obvious worst part of this bug was the inflation exploit. An attack could create new bitcoins at will, exceeding the 21 million hard cap limit that is currently in place. This would absolutely destroy confidence in not only Bitcoin, but every cryptocurrency.
In addition, a miner could crash every single node they are connected to by producing a block with an invalid transaction in it. Miners are will go out of their way to connect to as many other mining nodes as possible, so they receive notifications of blocks faster.
Imagine you’re a miner, hashing away at block #1000. Another miner, Jim, finds block #1001 and starts propagating it around the network. However, you’re not connected to Jim, so it takes an extra few seconds for you to receive the block. During those few seconds, the network has moved on and you’re wasting hashpower and in turn money. You need to receive the new block before you get started on the next one.
All the miners are highly connected, so if one is producing client-crashing blocks, many of the larger miners would be hit.
Core Developers Downplaying Severity of Bug
During the first few days after the bug was disclosed, all the announcements trying to get people to upgrade only talked about the crash aspect of the bug. No mention of the inflation vulnerability, except for a single forum post that was quickly deleted.
While this seems weird, it was done with a very specific purpose. From the Disclosure report on the Bitcoin Core website
In order to encourage rapid upgrades, the decision was made to immediately patch and disclose the less serious Denial of Service vulnerability, concurrently with reaching out to miners, businesses, and other affected systems while delaying publication of the full issue to give times for systems to upgrade. On September 20th a post in a public forum reported the full impact and although it was quickly retracted the claim was further circulated.
This bug was one of the most catastrophic Bitcoin bugs found in recent times, possibly ever. What can we take away from this event going forward?
We take the security of our code for granite. Bitcoin Core was looked at as the gold standard of security, and there was an inflation bug sitting there for nearly two years. Are there more bugs in the code to find?
At the time of writing, only 28.9% of nodes have upgraded to the patched version. While this sounds terrible, the network hasn’t gone up in flames and most likely won’t. The only nodes that really matter on the network are the mining nodes and nodes servicing large businesses or exchanges, and a large majority of those type nodes have already upgraded. Small user nodes don’t help network security and only helps users that are dealing with dozens or even hundreds of transactions per day.
Hopefully, this is the last bug of this scale we see in Bitcoin, and if there is a next one that it is handled as responsibly and quickly as CVE-2018-17144.
How do you think this bug was handled? Are you worried about more bugs possibly getting found in the future? Let us know in the comments below!
Images courtesy of ShutterStock