New Vulnerability In Bitcoin Core Would Have Allowed Miners To Inflate The BTC Supply

A vulnerability previously found in Bitcoin Core has now been patched. However, according to an update from the developers on Thursday, it was far more severe than initially revealed.

On the 18th of September, Bitcoin Core released an update stating that a new version, 0.16.3, was available for download with a fix for a denial-of-service (DoS) vulnerability. The security issue, CVE-2018-17144, meant that older versions of Bitcoin Core could crash if they tried to process a block containing a transaction that attempts to spend the same input twice. A miner producing such a block would forfeit the block reward, which is currently 12.5 BTC or approximately $83,000.

However, it was recently revealed that the vulnerability was more severe than earlier stated. The new Bitcoin Core versions 0.16.3 and 0.17.0rc4 not only patch the denial-of-service (DoS) bug but also address a serious issue that would allow malicious miners to artificially inflate the supply of Bitcoin through a specific type of double-spend transaction.

“Thus, in Bitcoin Core 0.15.X, 0.16.0, 0.16.1, and 0.16.2, any attempts to double-spend a transaction output within a single transaction inside of a block where the output being spent was created in the same block, the same assertion failure will occur (as exists in the test case which was included in the 0.16.3 patch). However, if the output being double-spent was created in a previous block, an entry will remain in the CCoin map with the DIRTY flag set and having been marked as spent, resulting in no such assertion. This could allow a miner to inflate the supply of Bitcoin as they would be then able to claim the value being spent twice”.
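The validation rule behind the quoted description, as an added example (a simplified toy model, not Bitcoin Core's code and not part of the developers' statement): a value check that looks up each input separately counts a repeated outpoint twice unless duplicates are rejected first. The types, function names and the sample coin are constructed for illustration.

```cpp
#include <cstdint>
#include <iostream>
#include <map>
#include <set>
#include <string>
#include <utility>
#include <vector>

// Toy model with hypothetical types; not Bitcoin Core's data structures.
using OutPoint = std::pair<std::string, std::uint32_t>;  // (txid, output index)
using UtxoSet = std::map<OutPoint, std::int64_t>;        // unspent coin -> value
struct Tx { std::vector<OutPoint> inputs; std::vector<std::int64_t> outputs; };

// The rule at issue: an outpoint may appear only once among a transaction's inputs.
bool HasDuplicateInputs(const Tx& tx) {
    std::set<OutPoint> seen;
    for (const auto& in : tx.inputs)
        if (!seen.insert(in).second) return true;  // insert fails on a repeat
    return false;
}

// Value check as a per-input lookup: every input must exist in the UTXO set
// and outputs must not exceed inputs. A repeated outpoint is found on every
// lookup, so without the duplicate check the same coin is counted twice.
bool AcceptTx(const Tx& tx, const UtxoSet& utxo, bool check_duplicates) {
    if (check_duplicates && HasDuplicateInputs(tx)) return false;
    std::int64_t in = 0, out = 0;
    for (const auto& op : tx.inputs) {
        auto it = utxo.find(op);
        if (it == utxo.end()) return false;  // missing or already-spent coin
        in += it->second;
    }
    for (std::int64_t v : tx.outputs) out += v;
    return out <= in;
}

// Constructed sample data: one 50-unit coin created in an earlier block.
UtxoSet SampleUtxo() { return UtxoSet{{OutPoint("aa", 0), 50}}; }
Tx HonestTx() { return Tx{{OutPoint("aa", 0)}, {50}}; }
Tx DuplicateInputTx() { return Tx{{OutPoint("aa", 0), OutPoint("aa", 0)}, {100}}; }

int main() {
    const UtxoSet utxo = SampleUtxo();
    std::cout << "honest, with check:       " << AcceptTx(HonestTx(), utxo, true) << "\n"
              << "duplicate, without check: " << AcceptTx(DuplicateInputTx(), utxo, false) << "\n"
              << "duplicate, with check:    " << AcceptTx(DuplicateInputTx(), utxo, true) << "\n";
}
```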

According to the statement, the bug has been present in the Bitcoin Core software since version 0.14, and version 0.15 introduced the inflation vulnerability. However, it was not until September 20th that a post in a public forum reported the full impact, and although the post was quickly retracted, the claim continued to circulate. The developers stress that node operators who have not upgraded to the latest version should do so as soon as possible.

“At this time we believe over half of the Bitcoin hashrate has upgraded to patched nodes. We are unaware of any attempts to exploit this vulnerability. However, it remains critical that affected users upgrade and apply the latest patches to ensure no possibility of large reorganisations, mining of invalid blocks, or acceptance of invalid transactions occurs”.

