Critical Bug Found in Bitcoin Core Invokes the Multiple Client Argument

Posted on Sep 19, 2018

Critical Bug Found in Bitcoin Core Invokes the Multiple Client Argument

Over the last 24 hours, the cryptocurrency community has been discussing a critical vulnerability that was found in the Bitcoin Core (BTC) reference client. A bug introduced in Bitcoin Core version 0.14, that also affects all subsequent versions, could have caused a great majority of current Core nodes to crash. According to the developer’s Optech newsletter, Core contributors released a patch that fixes Core version 0.16.2 and the latest 0.16.3 fix requires an immediate upgrade.

The whole community is talking about a vulnerable bug that was introduced into the Bitcoin Core reference client two years ago. The issue found in Bitcoin Core software (patched now) versions 0.14 and above has brought about another heated discussion concerning the fallibility of developers, and using a single reference client as opposed to using multiple implementations. The bug in question went unnoticed for two years when it was introduced in November of 2016 and a great majority of Core contributors accepted (ACK) the change without many questions.

According to developers, the bugs’ patch release notes, and the Optech newsletter, an anonymous individual reported the bug to Core contributors. Essentially, the vulnerability found in Bitcoin Core software would have allowed a malicious actor with a mere 12.5 BTC to crash roughly 90 percent of Core nodes. The Fast Internet Bitcoin Relay Engine (FIBRE) baked into Core would have made matters worse because of the way FIBRE propagates blocks.