Three Biggest Bugs of 2018

Three Biggest Bugs of 2018

In light of recent events, we decided go over some of the critical bugs that have been discovered in recent months.

Bitcoin Cash

Client: Bitcoin ABC

Bug: SIGHASH_BUG

Discovered by: Cory Fields, a Bitcoin Core developer

Date discovered: April 25 2018

Date fixed: May 7 2018

Cory Fields was going over the latest release of Bitcoin ABC when he discovered that the new transaction signature verification code was missing a critical check of a specific bit in the signature type. A specially crafted and perfectly timed transaction could cause an involuntary split of the Bitcoin Cash chain. After several failed attempts Cory eventually found a way of discreetly disclosing the vulnerability to the Bitcoin ABC developers.

For more information, read Cory’s Medium post and our article.

Bitcoin

Client: Bitcoin Core

Bug: Denial-of-Service vulnerability, Inflation bug, CVE-2018-17144

Discovered by: Awemany, a Bitcoin ABC and Bitcoin Unlimited developer

Date discovered: September 17 2018

Date fixed: September 18 2018

This Bitcoin Core vulnerability could be exploited to create an invalid transaction with duplicate inputs, which is effectively double-spending. When propagated through the network, a block with such a transaction would cause receiving nodes to crash. This bug was present in versions 0.14.x before 0.14.3. However, it was later discovered that 0.15.x nodes could still be online after accepting the faulty block. This means that the network would still remain operational, double-spent coins would flood the network breaking the limit of 21 million coins.

For more information, read the full disclosure post, Awemany’s Medium post and our article on the matter.

Monero

Client: Monero Core

Bug: Burning bug

Date fixed: September 25 2018

The burning bug entails a possibility where an attacker can make the holdings on an organization unspendable, which in other words burns the funds. In this scenario, an attacker would send a number of transactions to an exchange using the same stealth, the exchange would not recognize this abnormality and would credit the attacker with XMR. Then the attacker could exchange unspendable XMRs for another cryptocurrency and withdraw the funds.

For more information, read the official Monero post.

By continuing to browse, you agree to the use of cookies. Read Privacy Policy to know more or withdraw your consent.