On Tuesday, September 18, an unscheduled release of the Bitcoin Core client, version 0.16.3, fixed a critical vulnerability that could have enabled denial-of-service (DoS) attacks on the network. Exploiting the bug was, however, a daunting task, and fortunately it was never exploited.
Bitcoin Core 0.16.3 was released: https://t.co/SsbsJsqSTo
Upgrade recommended due to vulnerability fix
— Bitcoin Core Project (@bitcoincoreorg) 18 September 2018
According to the notice from the Bitcoin Core developers that accompanied the release, the vulnerability was reported by a user who wished to remain anonymous. Exploitation of the bug, tracked as CVE-2018-17144, could have allowed an attacker to disrupt nearly 90% of nodes, and the attack would have required only 12.5 BTC, the reward miners currently receive for finding a block. The Fast Internet Bitcoin Relay Engine (FIBRE), which is built into Bitcoin Core and designed to speed up block propagation, could at the same time have exacerbated the situation.
The Optech mailing list explains that CVE-2018-17144 appeared in Bitcoin Core version 0.14.0, released in November 2016, and affected all subsequent versions up to 0.16.2. Exploiting it made it possible to disrupt the network when nodes tried to validate a block containing a transaction that attempts to spend the same input twice. Such a block would be invalid and could only be created by miners willing to forfeit the block reward of 12.5 BTC (about $80,000 at current exchange rates).
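A validator can guard against the kind of block described above by checking that inputs are unique before any further processing. The following is an added, simplified example, not Bitcoin Core's code; the types and names (OutPoint, Tx, Block, CheckBlockInputs, MakeBlock) are hypothetical and the sample transactions are constructed.

```cpp
#include <cstdint>
#include <set>
#include <string>
#include <tuple>
#include <utility>
#include <vector>

// Hypothetical, simplified types for illustration; not Bitcoin Core's own structures.
struct OutPoint {
    std::string txid;  // transaction that created the output being spent
    uint32_t index;    // position of that output in the transaction
    bool operator<(const OutPoint& o) const {
        return std::tie(txid, index) < std::tie(o.txid, o.index);
    }
};
struct Tx { std::string id; std::vector<OutPoint> inputs; };
struct Block { std::vector<Tx> txs; };

enum class Verdict { Ok, DuplicateInputInTx, DoubleSpendInBlock };

Block MakeBlock(std::vector<Tx> txs) { Block b; b.txs = std::move(txs); return b; }

// Returns a rejection verdict rather than letting a repeated input reach later
// code that assumes each input is spent exactly once.
Verdict CheckBlockInputs(const Block& block) {
    std::set<OutPoint> spentInBlock;
    for (const Tx& tx : block.txs) {
        std::set<OutPoint> spentInTx;
        for (const OutPoint& in : tx.inputs)
            if (!spentInTx.insert(in).second) return Verdict::DuplicateInputInTx;
        for (const OutPoint& in : spentInTx)
            if (!spentInBlock.insert(in).second) return Verdict::DoubleSpendInBlock;
    }
    return Verdict::Ok;
}

int main() {
    // Constructed sample: the second transaction lists the same input twice.
    Tx good{"t1", {OutPoint{"a", 0}, OutPoint{"a", 1}}};
    Tx bad{"t2", {OutPoint{"b", 0}, OutPoint{"b", 0}}};
    return CheckBlockInputs(MakeBlock({good, bad})) == Verdict::DuplicateInputInTx ? 0 : 1;
}
```

The check treats a malformed block as an ordinary validation failure with a named verdict, so the caller can reject the block and keep running.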
Node operators are accordingly advised to upgrade urgently to a newer version of Bitcoin Core, or to a new version of Bitcoin ABC for the Bitcoin Cash network. The Bitcoin Unlimited client is not affected by the vulnerability. The Litecoin developers have also announced a release containing the essential fix.
The developers also emphasized that the vulnerability could have had very negative consequences for the Lightning Network, a still-experimental network for fast and cheap transactions.
It should be noted that this vulnerability was the result of the so-called human factor, and responsibility for it lies with the developers who approved the earlier code change. Among them were, for example, Gregory Maxwell, Wladimir van der Laan and Matt Corallo.
However, commenting on the situation, OpenBazaar developer Chris Pacia said that he is not criticizing those responsible, but rather the “idiot minimalists” who see the Bitcoin Core developers as gods.
Bugs happen. This is a fact of life. I’m not criticizing them for having a bug. I’m criticizing the idiot minimalists who need Core developers who insist are God-like individuals and certainly The Best Devs in the World™
— Chris Pacia (@ChrisPacia) 18 September 2018
The Bitcoin Core developers have not yet said whether the incident will be analyzed, or whether a public report will be published on its causes and on how to avoid similar incidents in the future.
As a reminder, ForkLog earlier wrote about the upcoming Bitcoin Core 0.17.0 release.