Bitcoin Core developers have urged all nodes to implement a patch on Friday, September 21 in order to prevent exploitation of a bug discovered recently in the Bitcoin protocol. The bug, called CVE-2018-17144, was originally reported to the Bitcoin Core team by Bitcoin developer Cash Awemany on September 17 .
A bug in the system
The discovery of the bugs and the developers of the Core attempts to face it have caused ruffled feathers in the cryptic community. The allegations of incompetence and bad faith have been leveled by members of the Bitcoin community (BTC) 0 0 and Bitcoin Cash as developers try to correct the bug.
CVE-2018-17144 was initially reported as a potential denial of service bug, but Core team developers have discovered the root problem that has impacted both denial of service and vulnerability. inflation. The Bitcoin Core team published a timeline in its bug announcement, showing the steps taken by the time the team went from being aware of the bug's issue in the release of a patch.
The CVE-2018-17144 bug originated from Bitcoin Core .15, originating as part of a change that was designed to simplify tracking the unspent transaction output. This change left Bitcoin versions .15x to .16.2 vulnerable to bugs, as well as all alternative or bifurcated versions of Bitcoin that still used the code containing the bug.
Fundamentally, the implantation of the code that caused the bug was driven by the same developer who was an integral part in the implementation of the fix. This added to the suspicion that the patch release was not properly managed.
Lying in Wait
Concerning many, the bug had remained hidden in the code for two years, raising concerns about what other problems could be hiding in Bitcoin just waiting to be exploited. In a post of the contributor to Medium Awemany, it was noticed that it would be just as easy for him to shorten the BTC – and exploit the error – as it was for him to report the error to the core team.  The Bitcoin Core team has been heavily criticized for the way it has spread the announcement on both the bug and the patch. For Bitcoin and many of the altcoins that rely on the same code, the decision to announce bugs and patches without consulting members of altcoin networks that would be influenced by a successful exploit was seen by some as political and mean.
Despite the promise of decentralization and transparency promised by cryptographic defenders, episode CVE-2018-17144 illustrates how many employees are projects on decisions made by a relatively small number of community members . If the actors in this saga had taken a handful of decisions differently, billions of dollars in value could have been wiped out. We hope this episode will lead to clearer standards on the discovery and application of bugs and on a more harmonious culture among the various teams of developers.
What are your thoughts on Bitcoin's bugs? Let us know in the comments below !
Images kindly granted by Shutterstock.