Bitcoin Core vulnerability disclosed publicly

0
109
Bitcoin, Vulnerability

A Bitcoin Core vulnerability has been disclosed publicly by a developer and according to reports, the vulnerability was seemingly being actively exploited on Bitcoin Cash.

The vulnerability was publicly disclosed by bitcoin developer and CTO at Purse Christopher Jeffrey. At the time of this writing the vulnerability is still not patched at Bitcoin Core. Some Bitcoin Core developers have strongly criticized the disclosure as being irresponsible because it had not yet been patched, but Jeffrey says: “This is already fixed in multiple implementations including bcoin and Bitcoin ABC.”

As it goes, there are some implementations that allow for the creation of special transactions that can spend many transactions from many outputs. As they are loaded onto memory, they can reach a size of 8GB, crashing nodes.

He added that BitcoinJ, libbitcoin, and Parity Bitcoin were never affected in the first place. According to the developer, the vulnerability shouldn’t be a huge problem considering that Bitcoin is a decentralized protocol where people should be using multiple different implementations. He went on to add that implementation centralization has the potential of killing bitcoin one day.

He continues that this particular vulnerability isn’t going to break bitcoin, but it is a reminder that single points of failure could happen if implementation centralization occurs. He adds that the vulnerability isn’t a zero-day as he had already disclosed the vulnerability to a number of different node implementers. These include Sipa (core), Jeff Garzik (btc1), Laolu (btcd), and deadalnix (bitcoin abc).

The vulnerability has not been patched in Bitcoin Core. The reason for their failure to do so remains unclear. Jeffrey says he informed them 2 months ago. Sachets took two days to implement the patch, he says, while Bitcoin Core still hasn’t at the time of writing.

Jeffrey says: “It was patched, in multiple implementations. Just not Core. It’s not my problem if one implementation is lagging behind when I warned them ages ago.”

SHARE
Previous articleHMM completes world’s first blockchain powered shipping voyage
Next articleBitcoin, Ethereum, other cryptocurrencies tumble as China rumors continue to pour in
With over nine years of experience through various editorial positions at major news outlets including ITProPortal.com, TheNewsReports.com, TechieNews.co.uk among others, Ravi decided to build up on his interest in cryptocurrencies through CryptoCrimson.com. Ravi is a network security graduate from Liverpool John Moores University, UK. After a 4-year stint as network security consultant at various companies in the UK and India, Ravi's interest for writing took him to online journalism in 2010.

LEAVE A REPLY

Please enter your comment!
Please enter your name here