Sunday, 21 October 2018

Bitcoin dev finds potentially crippling security flaw in Bitcoin Cash

Hackers could have split its blockchain in two


Another massive security vulnerability in a major cryptocurrency has been discovered, just sitting there, waiting to be exploited – and this time around it’s Bitcoin Cash.

Its blockchain was open to being jammed with a toxic block that would have caused complete consensus failure. The bad block would have split the cryptocurrency in two, halting transactions and crippling its utility and price.

Cory Fields, who discovered the bug, reflected on its impact. Fields is a Bitcoin Core developer for the Digital Currency Initiative at the MIT Media Lab. He detailed the entire process, from discovery to anonymous submission, in a blog titled Responsible disclosure in the era of cryptocurrencies.

“Working through this bug, which certainly had the potential for catastrophe, has reaffirmed my belief that the threat of software bugs is severely underestimated in the cryptocurrency world,” writes Fields. ”[This] is a real-world example of how much work is still required to reach the sophisticated level of engineering that cryptocurrencies require, and as a wake-up call to companies who have not adequately prepared for this type of scenario.”

Cryptocurrency engineer Eric Wall took to Twitter, lambasting the project for having missed such a glaring vulnerability. Although it has since been patched, it does call the possible reality of a market dominated by Bitcoin Cash $BCH▼1.96% into question. After all, it wants to be the real Bitcoin.


Eric Wall
@ercwl
If BCH had successfully conquered the name "Bitcoin" and this consensus failure bug had been exploited live, losing people billions $$$, the reputational damage would have been irreparable not just for Bitcoin, but for the entire public trust in crypto.

Please respect the devs!

Jimmy Song (송재준)
@jimmysong
Wow. BCH had a consensus vulnerability. Core dev Cory Fields anonymously lets them know. They fix and continue without the issue. Read the whole thing.




If anything, 2018 is being defined by its security vulnerabilities. Cryptocurrency is software – sure, there’s going to be bugs. Indeed, it’s a fact of life – but disclosures, once potentially earth-shattering, are now having less impact. They’re a dime a dozen and we have just accepted that no blockchain really works as it should.

EOS, in particular, has found its best to attract hackers with honey, lots of honey. Their bug bounty has distributed $417,000 since May – two-thirds of all HackerOne bounties claimed this year.

So, until Elon Musk creates a blockchain programming AI that fixes up all the code, we’re stuck with a system built on trust. We do know that hackers are exploiting bad code regularly, but we trust that the majority would rather fix a project than destroy it – however naive it may be.


source: thenextwe.com 

Legal disclaimer: The insight, recommendations and analysis presented here are based on corporate filings, current events, interviews, corporate press releases, and what we've learned as financial journalists. They are presented for the purposes of general information only, and all the information belongs to the original publishers. These may contain errors and we make no promises as to the accuracy or usefulness of the information we present. You should not make any investment decision based solely on what you read here.

Creamcoin Marketcap