
Earlier this week, the Bitcoin Core development project became aware of a critical bug in the consensus code of its Bitcoin implementation. The bug would have allowed certain miners to DDoS and crash Bitcoin full nodes. However, the miner (attacker) would have to burn a 12.5 BTC block reward (~$80k) to initiate the attack, and even then would only be able to take down connected nodes. Our friend StopAndDecrypt broke it down like this:
That miner executing the attack, ideally (for their sake), would be coordinated enough to know that they'd need to spam it to the entire network. They'd need a list of all the nodes, most of which (~90,000+) are non-listening nodes (unlisted).
— StopAndDecrypt (@StopAndDecrypt) September 19, 2018
I'm not an expert, but I'd imagine high target exchanges and services could protect from potential future threats similar to this one by fire-walling their production nodes behind a series of nodes live on the network.
— StopAndDecrypt (@StopAndDecrypt) September 19, 2018
The bug has been in Bitcoin Core clients since v0.14.0 and has been patched with the release of v0.16.3. If you're running a node and haven't done so yet, go download v0.16.3 ASAP. Patches for older versions should be rolled out soon as well.
It doesn't seem like it would have been anywhere near fatal if the bug had been exploited, and it really wouldn't make sense for a miner to engage in this type of attack (they'd be killing their golden goose that is the block reward and the overall confidence in the Bitcoin Network), but this is certainly not a good look. Let this serve as a reminder that no team of devs is infallible and that vigilance and code review should be a top priority for any development team, but especially one working on a system that secures $100B+.
Luckily, it seems like we're going to avoid any negative repercussions from this bug since it was discovered and patched before being exploited. Though, again, this is never ideal and should be a call to action for more code reviewers and testers for the Bitcoin Core repository.
Not my usual type of article, not Bitcoin related but more a short story of my personal experience on Crypto Twitter recently. https://t.co/EHOhmsfiYm
— WhalePanda (@WhalePanda) September 19, 2018
Presented without comment other than you should read the post and SJWs are the weakest warriors this planet has ever housed.
Final thought...
Was never a big soccer fan growing up. Went to one practice when I was 6 and never hit the pitch again in my life. Think I could have crushed it if I stuck with it.