Tech 7 May 2018

Eli Afram

Bitcoin ABC patches vulnerability in full-node client

A very short while ago, Bitcoin ABC (the most popular client software for Bitcoin Cash) reported that a vulnerability within the node software had been identified, and that the necessary steps had already been taken to mitigate the issue.

The vulnerability allowed an attacker to form a malicious transaction that exploited the Bitcoin ABC client, potentially causing a split in the network. Bitcoin ABC nodes would have effectively mined the transaction into a block that all other implementations of the node software would reject, causing an unintended split. This has occurred twice in the history of bitcoin so far, but to date no such incident has occurred on BCH.

With respect to the mitigation actions taken by Bitcoin ABC, Stefan Matthews, CEO of BMG Operations (nChain’s affiliated mining business) states: “We are pleased that the Bitcoin ABC team responded to this software bug with an exemplary level of professionalism – by determining a rapid response strategy to eliminate the impact on the wider BCH ecosystem, proactively communicating with us and other miners, and so quickly releasing a patch to correct the issue. The commitment to quality and security they have displayed to both BCH industry participants and end users gives us even more confidence in the Bitcoin ABC team.”

An anonymous person (or persons) had initially flagged the issue to Bitcoin ABC’s development team, who were then able to assess the impact, prepare a patch, and deploy it to miners in a private release. Given the decentralized nature of Bitcoin mining, the patch was initially deployed to verified Bitcoin Cash miners, who were then able to forward it to other miners. Bitcoin ABC 0.17.0 users should upgrade to the latest version as soon as possible.

A decentralized development environment, such as that of Bitcoin Cash, provides many advantages, but also introduces complexities and challenges, as this particular incident shows. It also requires a strong ‘work-together’ ethic from these teams.

Following a root cause analysis, Bitcoin ABC has already undertaken significant measures to prevent such an event from occurring again, and “also to reduce the overall response time in the case of emergent issues in future”. Bitcoin ABC is also currently planning a much-needed bug bounty system, which will most certainly come in handy by drawing on the greater technical community to assist in bug discovery and by rewarding responsible disclosures.

Jimmy Nguyen, CEO of nChain Group, remarked: “Bitcoin ABC and its software implementation are vital to the success of Bitcoin Cash. Therefore, nChain stands prepared to use our resources and technical skills to help Bitcoin ABC with support for code testing and review, and to help fund bug bounties to encourage proactive reporting of software issues. With any technology growth, issues arise and it’s how someone responds that reveals much about their character. We applaud Bitcoin ABC’s team approach and know that continued collaboration among Bitcoin Cash ecosystem participants will ensure the BCH network thrives for everyone’s benefit.”

The initial response from Bitcoin ABC has been very appropriate. Equally important are the lessons learnt, which ensure that the necessary processes are in place to reduce the risk of repeat incidents. Risk can be minimized – substantially. The idea that risk can be eliminated is, by all technical standards, a fallacy.

Major miners, who are among the top stakeholders of Bitcoin Cash, have unanimously praised the response as professional.

Roger Ver, CEO of Bitcoin.com, who also runs mining operations, was pleased, stating “the way this was handled shows that the Bitcoin Cash community are a group who are genuinely committed to the cause of enabling peer to peer electronic cash to the world”.

Certainly, this is far from the first time Bitcoin has required emergency work to resolve an issue. In 2010, an unknown individual found and actually succeeded in exploiting a hack that brought 92 million Bitcoins into existence. The blockchain was rolled back, cancelling later transactions in order to correct the problem.

In 2013, the Bitcoin Core team released version 0.8 of the client, which wasn’t compatible with previous versions. The potential impact was identical to that of this recently identified Bitcoin ABC issue: it was highly possible that a split could eventuate, leading to two ledgers. The problem was dealt with by hard-forking back to version 0.7 until the issue was resolved.

Other digital coins have experienced similar issues also. In fact, last year, I similarly praised the Monero development team for managing to ever so professionally identify and resolve a crucial bug affecting all cryptonote algorithm-based coins, which allowed an attacker to create an unlimited number of coins in a way that is undetectable to an observer. The emergency patch for this was cleverly snuck into a mandatory update, and the developers of affected competing coins were also notified, saving the network, and others, from a serious inflation situation.

Bitcoin ABC has publicly thanked the individual(s) who disclosed the vulnerability, noting it was provided in “a clear and professional report”, and is offering a reward.

Eli Afram
@justicemate

Note: Tokens on the Bitcoin Core (SegWit) chain are referenced as BTC coins; tokens on the Bitcoin Cash ABC chain are referenced as BCH, BCH-ABC or BAB coins.
