In light of recent events, we decided go over some of the critical bugs that have been discovered in recent months.
Client: Bitcoin ABC
Discovered by: Cory Fields, a Bitcoin Core developer
Date discovered: April 25 2018
Date fixed: May 7 2018
Cory Fields was going over the latest release of Bitcoin ABC when he discovered that the new transaction signature verification code was missing a critical check of a specific bit in the signature type. A specially crafted and perfectly timed transaction could cause an involuntary split of the Bitcoin Cash chain. After several failed attempts Cory eventually found a way of discreetly disclosing the vulnerability to the Bitcoin ABC developers.
Client: Bitcoin Core
Bug: Denial-of-Service vulnerability, Inflation bug, CVE-2018-17144
Discovered by: Awemany, a Bitcoin ABC and Bitcoin Unlimited developer
Date discovered: September 17 2018
Date fixed: September 18 2018
This Bitcoin Core vulnerability could be exploited to create an invalid transaction with duplicate inputs, which is effectively double-spending. When propagated through the network, a block with such a transaction would cause receiving nodes to crash. This bug was present in versions 0.14.x before 0.14.3. However, it was later discovered that 0.15.x nodes could still be online after accepting the faulty block. This means that the network would still remain operational, double-spent coins would flood the network breaking the limit of 21 million coins.
Client: Monero Core
Bug: Burning bug
Date fixed: September 25 2018
The burning bug entails a possibility where an attacker can make the holdings on an organization unspendable, which in other words burns the funds. In this scenario, an attacker would send a number of transactions to an exchange using the same stealth, the exchange would not recognize this abnormality and would credit the attacker with XMR. Then the attacker could exchange unspendable XMRs for another cryptocurrency and withdraw the funds.
For more information, read the official Monero post.