Bitcoin Core Developers Issue Emergency Update for DoS Flaw


Keeping a cryptocurrency safe and secure from harm is a full time responsibility. Even in the case of Bitcoin, new flaws can be discovered after nearly 10 years of ongoing development. One such issue has been disclosed earlier this week, as it caused a denial-of-service issue with Bitcoin Core 0.16.2.

The Bitcoin Core DoS Issue

In the world of cryptocurrency, denial-of-service incidents are rather uncommon. Although it is possible to completely cripple smaller-cap blockchain projects with some effort, one would not necessarily expect such issues to present themselves where top currencies are concerned. In the case of Bitcoin, it seems such a vulnerability has been present for quite some time now.

Ever since Bitcoin Core client version 0.14.0 was introduced a while ago, there has been a denial-of-service vulnerability lurking within the code. Until this week, that problem went by unnoticed, primarily because no one attempted to exploit it. It still remains unclear if someone effectively abused this flaw to date. Even so, developers have successfully prevented this problem from escalating further.

According to the notes documenting this bug, the DoS exploit causes Bitcoin Core to crash when attempting to validate a block containing a transaction spending the same input twice. Because of this flaw, malicious miners could effectively prevent others from receiving the 12.5 BTC block reward. It is a very problematic incident which needed to be addressed sooner rather than later.

There is a very easy fix to solve this problem. Although it is present in any Bitcoin Core version past 0.14.0, the updated Bitcoin Core 0.16.3 seems to remove this vulnerability altogether. That means users need to upgrade their client accordingly, prior to falling victim to this flaw now that the information is out in the open. Upgrading immediately is highly recommended for anyone using the Bitcoin Core wallet or operating a network node.

With the new Bitcoin Core 0.17.0 release around the corner, this vulnerability can be removed from that client as well. A fourth release candidate will make its way to the testnet shortly, and removing any lingering bugs form it has always been a top priority. Testers of previous release candidates will also need to upgrade to this latest version as soon as possible prior to suffering from the DoS vulnerability.

Issues like these highlight why the work of cryptocurrency coders is never done. There are so many zero-day exploits than can pop up, and they will need to be dealt with ASAP. For Bitcoin, it is one of the more threatening bugs the project has seen in recent years. Even so, it is good to see the developers take such swift action in this regard.

LEAVE A REPLY

Please enter your comment!
Please enter your name here