• NOW
Crypto-Community Debates Bitcoin Core Bug and a 'Forced Upgrade'

Crypto-Community Debates Bitcoin Core Bug and a 'Forced Upgrade'

This week the cryptocurrency community has been discussing and dealing with the critical vulnerability that was found in the Bitcoin Core (BTC) reference client. Many observers are calling the bug one of the worst issues BTC has had in years, comparing the exploit to the March 2013 mandatory hard fork. In fact, in the eyes of many, the network is still vulnerable to massive inflation from an attack that costs a mere 12.5 BTC ($83,000).

Also read: Critical Bug Found in Bitcoin Core Invokes the Multiple Client Argument

Peter Todd: ‘The Most Dangerous Time Is Not *Prior* to It Being Patched, but Rather *While* It Is Being Patched’

Crypto-Community Debates Bitcoin Core Bug and a 'Forced Upgrade'The Bitcoin Core (BTC) community has been dealing with a critical vulnerability over the past few days. News.Bitcoin.com reported on the bug two days ago and some BTC supporters said because the exploit was patched now, “it wasn’t a big deal” anymore. However, if one was to observe social media and forums they would find that CVE-2018-17144 was a very big deal, and still to this day the bug poses a threat to the BTC network because not everyone has upgraded. Throughout yesterday and today, there are many subjective valuations from crypto-devs and well-known community members. For instance, the software developer Peter Todd explains the network can be the most vulnerable while the community is in the process of upgrading the recent patch.

“The recent DoS vulnerability in Bitcoin, the most dangerous time is not *prior* to it being patched, but rather *while* it is being patched,” explains Todd. “Why? Because we have multiple implementations with different behavior, and thus potential chain splits — A 100% DoS crash is safer.”

So take the time this weekend to upgrade your nodes if you haven’t already, to get us back to ~%100 of the nodes running essentially the same implementation, and (hopefully!) the same protocol.

Theymos: ‘Updating to 0.16.3 is REQUIRED, and Anything Less Than 200 Confirmations Has a Low Probability of Being Reversed’

Crypto-Community Debates Bitcoin Core Bug and a 'Forced Upgrade'
Rather than being just a DoS issue the Bitcoin Core bug really could have caused a massive inflation issue.

On the Reddit forum r/bitcoin, Theymos explains that new information on the Core bug has escalated the importance of upgrading. “Updating to 0.16.3 is REQUIRED,” Theymos emphasizes in a stickied Reddit post. Moreover, Theymos says transactions with less than 200 confirmations have more of a probability they could be reversed. The stickied post written by Theymos stirred up an argument online on whether or not the upgrade was “forced.”

“For the next week, consider transactions with fewer than 200 confirmations to have a low probability of being reversed (whereas usually there would be essentially zero probability of eg. 6-conf transactions being reversed),” explains Theymos.

“Watch for further news. If a chain split happens, action may be required,” Theymos adds.

Furthermore, the Core contributor Matt Corallo explains that he believes most of the companies and mining pools have upgraded to the latest Core release that contains the patch.

“Now I can breathe — No attempts to exploit,” Corallo explains on Twitter. “Most hash power upgraded — Most companies upgraded.”

Crypto-Community Debates Bitcoin Core Bug and a 'Forced Upgrade'
Bitcoin.org owner Cobra explains his opinion of the situation.

Luke Jr: ‘It’s Not Too Late for Bitmain to Exploit It — the Network Has a Long Way to Go Until We’re Safe Again’

Even the Core developer Luke Jr says it’s not too late for miners to exploit the vulnerability, but also smears the mining pool Bitmain while he explains the network is still not safe.

“Unfortunately, it’s not too late for Bitmain to exploit it — The network has a long way to go until we’re safe again,” Luke Jr states on Twitter. When asked what he thinks Bitmain would do if they chose between “option A: create inflation and destroy the bitcoin network, and dump the price, or option B: fix the bug and maintain network and price stability.” Luke Jr believes Bitmain might choose option A.

“Considering the situation Bitmain is in, option A might be very tempting,” explains the Core developer.

Jameson Lopp: ‘[Upgrade] Optional, but Recommended if You Disagree With Unbounded Inflation and Crashes’

Crypto-Community Debates Bitcoin Core Bug and a 'Forced Upgrade'Some developers seemed to think the upgrade was not considered “forced.” Jameson Lopp says to the r/bitcoin moderator ‘Bashco,’ that maybe some people were triggered by the phrase “forced upgrade.” “I think some of them are triggered by the “forced” upgrade — Perhaps you should rephrase it as “optional, but recommended if you disagree with unbounded inflation and crashes,” Lopp states on Twitter.

“Exactly — Nobody is required to upgrade, anyone can audit the code before doing so,” Core contributor Eric Lombrozo explains in a response. “Critically, there are no deviations from expected consensus behavior — Language matters.”

The recent 2018 Core CVE is still being debated ferociously online in regard to whether or not the network is safe, if people really need to upgrade, and if the bug was handled correctly. As far as everyone saying it wasn’t a “big deal” most of the comments online from both developers and crypto-luminaries suggest the vulnerability was and still is an issue until everyone updates.

What do you think about the critical bug found in the Bitcoin Core client? What do you think about the debate over whether or not it was a big deal? Do you think this is a forced upgrade? Let us know your thoughts on this subject in the comment section below.

Images via Shutterstock, Pixabay, Bitcoincore.org, and Twitter.

Need to calculate your bitcoin holdings? Check our tools section.

Tags in this story
BCH, bitcoin cash, Bitcoin Core, Bitcoin Core Bug, BTC, client, Consensus, Critical Bug, Crypto-Community Debates, debate, Developers, Eric Lombrozo, Exploit, Forced Upgrade, implementation, Jameson Lopp, Luke-jr, Matt Corallo, Miners, N-Technology, Peter Todd, Theymos, Vulnerabilty
The Silk Road Investigation: A 'Pattern of Bad Behavior and Double Agents'
The Silk Road Investigation: A 'Pattern of Bad Behavior and Double Agents'

Kathryn Haun, a general partner at U.S. venture capital firm Andreessen Horowitz, has revealed in recent interviews how she helped… read more.

How Cryptocurrency Developers Can Earn Bitcoin Cash With REST APIs
How Cryptocurrency Developers Can Earn Bitcoin Cash With REST APIs

A recent video by Chris Troutner, Senior Javascript Developer at Bitcoin.com, points out a problem with anti-profit seeking approaches to… read more.

Jamie Redman

Jamie Redman is a financial tech journalist living in Florida. Redman has been an active member of the cryptocurrency community since 2011. He has a passion for Bitcoin, open source code, and decentralized applications. Redman has written thousands of articles for news.Bitcoin.com about the disruptive protocols emerging today.