Reporting Bugs in the Era of Cryptocurrencies

In his yesterday’s article on Medium, Cory Fields shares his experience of disclosing a Bitcoin Cash vulnerability.

Cory Fields is a Bitcoin Core developer working for the Digital Currency Initiative at the MIT Media Labs, a group tasked with researching and developing cryptocurrencies.

Cory was examining some of the Bitcoin ABC (Bitcoin Cash client) software updates in the hope of finding any bugfixes that might come relevant for Bitcoin Core. He noticed that some of the code, responsible for verifying transactions, had been rewritten. The new code did not include a critical check in the transaction signature type. This flaw could potentially split the Bitcoin Cash chain into two incompatible chains, which could entail the damage measured in billions of dollars.

He decided to inform the Bitcoin Cash developers of the vulnerability but then he realized he had a problem. He could not disclose the information because, if someone would have exploited the bug the following day, all the arrows would be pointing at Cory. There would be no way of proving that he had not been the attacker for he had all the necessary knowledge at the time.

He had certain doubts as to why he should risk his safety: he had no obligation whatsoever to report anything. But all the doubts evaporated when he thought about how he would want such information to be brought to his attention, had ‘an equally nasty bug’ been discovered in Bitcoin Core.

After several failed attempts Cory eventually found a way to send an encrypted message to Bitcoin ABC developers. The bug was fixed on April 27, two days after Cory had reported it. The catastrophe was averted.

Cory’s take-away from this incident:

As cryptocurrency developers, it is necessary to take a step back now and then to re-evaluate the tools at our disposal, as well as the policies and procedures that we put into place. We may not be able to eliminate the threat of bugs like these, but we can learn from them and be better prepared to handle them in the future.

Cory Fields, Bitcoin Core developer

Read here for more on Cory’s responsible deed for the crypto community.

BTC

3,911 USD
-1.71%

BCH

157.35 USD
-5.14%

Related news

P2P bitcoin marketplace LocalBitcoins implements new ID verification process

CryptoNinjas LocalBitcoins, the popular Finland based person-to-person bitcoin trading site, announced it is currently developing a more efficient and reliable identity verification process. The new ID verification system will build upon recent updates by introducing 4 individual account levels per trade and BTC transaction... P2P bitcoin marketplace LocalBitcoins implements new ID verification process
CryptoNinjas

Major Financial Institutions, Asset Managers and Blockchain Industry Leaders to Convene in New York at the Digital Asset Summit, May 15, 2019

NEW YORK, March 26, 2019 /PRNewswire/ -- BlockWorks Group (www.blockworksgroup.io) is pleased to announce its inaugural Digital Asset Summit (www.digitalassetsummit.io) taking place May 15th in New York City, which will bring together 500 of the most influential fund managers, banks, family offices, regulators, CIOs and blockchain innovators. Digital Asset Summit (DAS) is the only event during blockchain week designed specifically for financial market professionals and institutional investors.  The conference is being convened at a critical time as real-world applications of blockchain technology are being adopted by a growing number of leading financial firms. Digital Asset Summit attendees will hear from a curated blend of financial and blockchain industry leaders who together bring a balanced, pragmatic view of the developing digital asset ecosystem. Attendees will be primarily buy-side and sell-side financial industry professionals who are interested in learning from and collaborating with other leaders in the space. Featured sessions include: Keynote from Fusion Foundation's CEO, Dejun Qian: Digital Assets and the Internet of Value Keynote from DTCC's Managing Director & Chief Technology Architect, Rob Palatnick: Creating Trust in a Trustless Platform Fireside Chat with RRE Ventures Full story available on Benzinga.com
Benzinga

Yahoo! Japan Enters Crypto Despite Bear Market, Plans May 2019 Launch of Bitcoin Exchange

Taotao, a crypto exchange based in Japan, is planning to launch in May with the approval of Japanese authorities. According to a CNBC report in April 2018, Yahoo! Japan said that it will acquire a 40 percent stake in BitARG Exchange Tokyo, which has since reportedly been rebranded to Taotao. “Yahoo Japan Corp said on Friday it would buy a minority stake in a Tokyo-based cryptocurrency exchange, becoming the latest major Japanese financial services provider to shrug off security concerns and join the digital money industry,” the report read. Prior to that, in March 2018, CCN reported that Yahoo! Japan The post Yahoo! Japan Enters Crypto Despite Bear Market, Plans May 2019 Launch of Bitcoin Exchange appeared first on CCN
CCN

Hot news

By continuing to browse, you agree to the use of cookies. Read Privacy Policy to know more or withdraw your consent.