Devs Warn to Update Bitcoin Software
Bitcoin has a DDoS (distributed denial of service) vulnerability and developers have warned that everyone has to update the software to a new version or it could all collapse. Now, they add that while the bug has been fixed, there is still a small chance of a chainsplit within the next week or so.
The initial patch notes state that, “A denial-of-service vulnerability (CVE-2018-17144) exploitable by miners has been discovered in Bitcoin Core versions 0.14.0 up to 0.16.2. It is recommended to upgrade any of the vulnerable versions to 0.16.3 as soon as possible.” Anyone willing to exploit this bug, however, would have to sacrifice a block reward of 12.5 BTC (more than USD 80,000) to do so.
Although this may seem far-fetched, other possible (and maybe even probable) issues present themselves: a chainsplit, which occurs when two or more versions of a blockchain exist at any one time. All competing versions share an identical history up until the point at which they split. Currently, incompatibilities between different versions of full node software could trigger a chainsplit.
“There is currently a small risk of a chainsplit. In a chainsplit, transactions could be reversed long after they are fully confirmed,” the developers warn, adding, “Therefore, for the next week or so you should consider there to be a small possibility of any transaction with less than 200 confirmations being reversed.” However, they also promise to keep the community updated and add that if a chainsplit should happen, “action may be required.”
Currently, double-spending presents the biggest challenge, as there is still a way to try to double-spend, as explained in a full disclosure statement that the developers published. Still, the post adds, “At this time we believe over half of the Bitcoin hashrate [or computing power] has upgraded to patched nodes. We are unaware of any attempts to exploit this vulnerability. However, it still remains critical that affected users upgrade and apply the latest patches to ensure no possibility of large reorganizations, mining of invalid blocks, or acceptance of invalid transactions occurs.”
Listen to Tone Vays, a trader and analyst, and Jimmy Song, Bitcoin Core developer and a partner at Blockchain Capital, a venture capital company, discussing the bug.