Crypto-Community Debates Bitcoin Core Bug and a ‘Forced Upgrade’

This week the cryptocurrency community has been discussing and dealing with the critical vulnerability that was found in the Bitcoin Core (BTC) reference client. Many observers are calling the bug one of the worst issues BTC has had in years, comparing the exploit to the March 2013 mandatory hard fork. In fact, in the eyes of many, the network is still vulnerable to massive inflation from an attack that costs a mere 12.5 BTC ($83,000).

Peter Todd: ‘The Most Dangerous Time Is Not *Prior* to It Being Patched, but Rather *While* It Is Being Patched’

The Bitcoin Core (BTC) community has been dealing with a critical vulnerability over the past few days. News.Bitcoin.com reported on the bug two days ago and some BTC supporters said because the exploit was patched now, “it wasn’t a big deal” anymore. However, if one was to observe social media and forums they would find that CVE-2018-17144 was a very big deal, and still to this day the bug poses a threat to the BTC network because not everyone has upgraded. Throughout yesterday and today, there are many subjective valuations from crypto-devs and well-known community members. For instance, the software developer Peter Todd explains the network can be the most vulnerable while the community is in the process of upgrading the recent patch.  

“The recent DoS vulnerability in Bitcoin, the most dangerous time is not *prior* to it being patched, but rather *while* it is being patched,” explains Todd. “Why? Because we have multiple implementations with different behavior, and thus potential chain splits — A 100% DoS crash is safer.”

So take the time this weekend to upgrade your nodes if you haven’t already, to get us back to ~%100 of the nodes running essentially the same implementation, and (hopefully!) the same protocol.

Theymos: ‘Updating to 0.16.3 is REQUIRED, and Anything Less Than 200 Confirmations Has a Low Probability of Being Reversed’
Crypto-Community Debates Bitcoin Core Bug and a ‘Forced Upgrade’Rather than being just a DoS issue the Bitcoin Core bug really could have caused a massive inflation issue.

On the Reddit forum r/bitcoin, Theymos explains that new information on the Core bug has escalated the importance of upgrading. “Updating to 0.16.3 is REQUIRED,” Theymos emphasizes in a stickied Reddit post. Moreover, Theymos says transactions with less than 200 confirmations have more of a probability they could be reversed. The stickied post written by Theymos stirred up an argument online on whether or not the upgrade was “forced.”

“For the next week, consider transactions with fewer than 200 confirmations to have a low probability of being reversed (whereas usually there would be essentially zero probability of eg. 6-conf transactions being reversed),” explains Theymos.

“Watch for further news. If a chain split happens, action may be required,” Theymos adds.

Furthermore, the Core contributor Matt Corallo explains that he believes most of the companies and mining pools have upgraded to the latest Core release that contains the patch.  

“Now I can breathe — No attempts to exploit,” Corallo explains on Twitter. “Most hash power upgraded — Most companies upgraded.”

Bitcoin.org owner Cobra explains his opinion of the situation.
Luke Jr: ‘It’s Not Too Late for Bitmain to Exploit It — the Network Has a Long Way to Go Until We’re Safe Again’

Even the Core developer Luke Jr says it’s not too late for miners to exploit the vulnerability, but also smears the mining pool Bitmain while he explains the network is still not safe.

“Unfortunately, it’s not too late for Bitmain to exploit it — The network has a long way to go until we’re safe again,” Luke Jr states on Twitter. When asked what he thinks Bitmain would do if they chose between option A: create inflation and destroy the bitcoin network, and dump the price, or option B: fix the bug and maintain network and price stability.” Luke Jr believes Bitmain might choose option A.    

“Considering the situation Bitmain is in, option A might be very tempting,” explains the Core developer.

Jameson Lopp: ‘[Upgrade] Optional, but Recommended if You Disagree With Unbounded Inflation and Crashes’

Some developers seemed to think the upgrade was not considered “forced.” Jameson Lopp says to the r/bitcoin moderator ‘Bashco,’ that maybe some people were triggered by the phrase “forced upgrade.” “I think some of them are triggered by the “forced” upgrade — Perhaps you should rephrase it as “optional, but recommended if you disagree with unbounded inflation and crashes,” Lopp states on Twitter.

“Exactly — Nobody is required to upgrade, anyone can audit the code before doing so,” Core contributor Eric Lombrozo explains in a response. “Critically, there are no deviations from expected consensus behavior — Language matters.”

The recent 2018 Core CVE is still being debated ferociously online in regard to whether or not the network is safe, if people really need to upgrade, and if the bug was handled correctly. As far as everyone saying it wasn’t a “big deal” most of the comments online from both developers and crypto-luminaries suggest the vulnerability was and still is an issue until everyone updates.

What do you think about the critical bug found in the Bitcoin Core client? What do you think about the debate over whether or not it was a big deal? Do you think this is a forced upgrade? Let us know your thoughts on this subject in the comment section below. 

21.09.2018 / 15:15 89
New Core Patch Fixes Bitcoin Network Vulnerability to DDoS Attacks New Core Patch Fixes Bitcoin Network
The Bitcoin Core team yesterday released a patch for a DDoS vulnerability that could prove fatal to the Bitcoin network. The patch note urged miners
No, Bitcoin Did Not Nearly Crash, Bugs Never Get to Production Release No, Bitcoin Did Not Nearly Crash, Bugs
While Bitcoin (BTC) is the first, largest, and the most popular cryptocurrency, it is certainly not perfect. Even though the it is often seen as a
Critical Bug Found in Bitcoin Core Invokes the Multiple Client Argument Critical Bug Found in Bitcoin Core
Over the last 24 hours, the cryptocurrency community has been discussing a critical vulnerability that was found in the Bitcoin Core (BTC) reference
‘Very Scary’: Bitcoin Core Developers Confirm Duplicate Transaction Bug Fix ‘Very Scary’: Bitcoin Core Developers
Bitcoin developers released a new version of the Bitcoin Core client September 18 after fixing a very scary bug which could have seen a malicious
White Hat Hacker Finds Major Vulnerability in Ethereum DApp Augur White Hat Hacker Finds Major
A white hat hacker has discovered a major vulnerability in decentralized prediction market Augur, perhaps the most highly-touted decentralized
Bitcoin ABC Patches Critical Vulnerability in Bitcoin Cash Mining Software Bitcoin ABC Patches Critical
Cryptocurrency development team Bitcoin ABC has released a patch to address a critical vulnerability in bitcoin cash mining software. According to
Comments (0)
Add a comment
Comment on