Coder Proposes Alternative to Bitcoin’s ‘Notoriously Unreliable’ Testnet

Introduced Wednesday, a new proposal called Signet offers a fresh alternative to bitcoin’s test network. The software plays a crucial role for developers, serving as a place where they can test their apps, to make sure they work reasonably well on the network by putting only test money on the line. Further, protocol developers can […]

BitMEX Owner Awards $60K Grant to Bitcoin Developer Michael Ford

Bitcoin Core contributor, Michael Ford, has been awarded a $60,000 grant by the parent firm of top crypto derivatives platform BitMEX.

Bitcoin Core contributor Michael Ford, aka “fanquake,” has been awarded a $60,000 grant by the parent firm of top crypto derivatives platform BitMEX.

In an official announcement published on July 12, BitMEX owner and operator HDR Global Trading revealed its decision to award Ford the grant, noting that he has just recently been made the latest official maintainer of the Bitcoin Core software project. 

This means that the developer’s key has been added to the “trusted keys list” file on GitHub — giving him the ability to merge in changes to the Bitcoin Core codebase.

HDR Global Trading has presented its decision as a way of offering material support to those who work — usually on a voluntary basis — to further the development of cryptocurrency:

“HDR Global Trading Limited, like all other companies in the cryptocurrency space, relies heavily on the (mostly-volunteer) work of coders dedicated to the mission and ideals of Bitcoin. This work is difficult, demanding, and often thankless. We believe it is the duty of corporations to give back to the projects from which they benefit – and from which their very business model stems.”

The post outlines that the grant is exclusive and requires Ford to work on Bitcoin Core in his capacity as a Core software maintainer — pointing to issues such as further developing the network’s robustness, scalability and privacy.

Equally, HDR Global Trading claims that the grant is awarded on a “no-strings-attached” basis — presumably implying that Ford will not be expected to contribute to BitMEX itself.

The announcement emphasizes that it is only thanks to the critical development work of developers such as Ford that platforms such as BitMEX have sealed their success:

“Without the millions of free man-hours from dedicated OSS developers powering everything from our operating systems, to our web servers, to our ops tools and Bitcoin itself, the BitMEX trading platform could not have been built.”

HDR Global Trading has also recently made an “unconditional” donation to the MIT Digital Currency initiative — which conducts research into the development of the global crypto ecosystem — noting at the time that it was particularly keen to help support the work of Bitcoin Core developers Wladimir van der Laan and Cory Fields. 

In late June, BitMEX — the world’s single biggest bitcoin derivatives provider — posted record volumes across its operations as bitcoin (BTC) hit $13,000. The platform reported $1 billion of open interest in the market, with trading topping $13 billion and above $16 billion across BitMEX’s full product range.

Inflation Bug Still a Danger to More Than Half of All Bitcoin Full Nodes

Eight months after the discovery of the inflation bug, more than half of the full nodes on the bitcoin network are still running client versions susceptible to the vulnerability.

Figures published by bitcoin core developer Luke Dashjr show that more than half of the full nodes in the bitcoin network are still running client software vulnerable to the inflation bug discovered in September 2018.

This revelation poses some danger to the network, as software vulnerabilities are a clear and present danger to the fidelity of bitcoin (BTC). Now that the top-ranked cryptocurrency is in the midst of a positive price run, it is perhaps important that steps are taken to eradicate the inflation bug problem for good.

Most bitcoin full nodes still vulnerable to the inflation bug

As reported by Cointelegraph on May 8, research by Dashjr shows that more than 50% of full nodes on the bitcoin network are still running software versions of the bitcoin client that are susceptible to the inflation bug.

However, since then, the figure has fallen slightly, from about 60% to 54%. This means that, in the last few days, some full nodes have upgraded to a more recent client software update.

Back in September 2018, developers first discovered the inflation bug — which, in theory, could allow miners to inflate the total bitcoin supply beyond the 21 million BTC by spending the same unspent transaction output (UTXO) multiple times in the same transaction.

Given the nature of the bug, the developers kept it a secret, quietly releasing a new version of the client. An excerpt from the September 2018 common vulnerabilities and exposures (CVE) report released by Bitcoincore.org reads:

“In order to encourage rapid upgrades, the decision was made to immediately patch and disclose the less serious Denial of Service vulnerability, concurrently with reaching out to miners, businesses, and other affected systems while delaying publication of the full issue to give times for systems to upgrade. On September 20th a post in a public forum reported the full impact and although it was quickly retracted the claim was further circulated.”

One key takeaway from Dashjr’s analysis is the total number of full nodes on the bitcoin network. Most bitcoin literature sources put the number of full nodes at somewhere approaching 10,000.

However, Dashjr opines that this number is closer to 100,000 and that the reason for this discrepancy lies in the fact that many sources only account for nodes actively listening on the network.

Called listening nodes, these full nodes have open port connections that can be probed. However, not all full-nodes are listening nodes; some, hidden behind firewalls or configured to not actively listen for new connections, don’t have easily discoverable open port connections.

The severity of the inflation bug

To understand the severity of the inflation bug, it is important to know the mechanism by which the problem could be exploited. This requires a brief explanation of the double-spend attack, the inflation bug itself and the problems that could arise if it is left unchecked.

Bitcoin’s early success owes much to the brilliant solution that Satoshi Nakamoto, the creator of bitcoin, devised for the double-spending problem that had prevented the successful deployment and implementation of prior virtual currency systems.

With an immutable ledger and nodes validating transactions, it became all but impossible, at least in theory, to spend the same UTXO in two different transactions.

However, what happens when, instead of spending the UTXO in two different transactions, a malicious actor tries to use one transaction to spend the same UTXO multiple times? Because of the way bitcoin is engineered to work, this action would mean creating new coins virtually out of thin air, thus inflating the total supply — ergo, the inflation bug.

Several successive updates to the bitcoin software have tried to improve the blockchain’s immunity to the first type of double-spend attack. However, by the Core 0.14.x version of the bitcoin software client, developers began to notice there was a possibility of a distributed denial of service (DDoS) vulnerability in the software client.

The bug allowed a malicious attacker to crash nodes running the 0.14.x software version by attempting to spend the same UTXO twice. In this iteration of the bug, the objective would have been to crash as many nodes as possible and not necessarily inflate the total bitcoin supply.

In trying to fix the problem, the next released update, 0.15.0, included features that inadvertently allowed a malicious attacker to double spend the same UTXO in one transaction. Instead of causing a system crash, this new bug caused older software clients to recognize such double-spend transactions as valid.
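The missing check described above, as an added example (not code from Bitcoin Core or from this article): a simplified UTXO validator whose types, function names and sample values are assumptions made for illustration. It shows that, without a per-transaction duplicate-input check, one coin listed twice funds outputs worth twice its value.

```cpp
#include <cstdint>
#include <iostream>
#include <map>
#include <set>
#include <string>
#include <vector>

// Simplified model (assumption): outpoint = (txid, output index), values in satoshis.
using OutPoint = std::pair<std::string, uint32_t>;
using UtxoSet = std::map<OutPoint, int64_t>;
struct Tx { std::vector<OutPoint> inputs; std::vector<int64_t> outputs; };

// True when no outpoint is listed twice inside the same transaction.
bool has_unique_inputs(const Tx& tx) {
    std::set<OutPoint> seen;
    for (const auto& in : tx.inputs)
        if (!seen.insert(in).second) return false;
    return true;
}

// check_duplicates=false models a validator that lacks the in-transaction check.
bool validate(const Tx& tx, const UtxoSet& utxos, bool check_duplicates) {
    if (check_duplicates && !has_unique_inputs(tx)) return false;
    int64_t in_sum = 0, out_sum = 0;
    for (const auto& in : tx.inputs) {
        auto it = utxos.find(in);
        if (it == utxos.end()) return false;  // unknown or already-spent coin
        in_sum += it->second;                 // a repeated outpoint is counted again
    }
    for (int64_t v : tx.outputs) out_sum += v;
    return out_sum <= in_sum;
}

// Coins created minus distinct coins consumed; above zero means new supply.
// Call only for transactions whose inputs all exist in the UTXO set.
int64_t supply_delta(const Tx& tx, const UtxoSet& utxos) {
    std::set<OutPoint> distinct(tx.inputs.begin(), tx.inputs.end());
    int64_t delta = 0;
    for (int64_t v : tx.outputs) delta += v;
    for (const auto& op : distinct) delta -= utxos.at(op);
    return delta;
}

// Constructed sample data: one 1 BTC coin, listed twice as input of one transaction.
UtxoSet sample_utxos() { return {{{"constructed-txid", 0}, 100000000}}; }
Tx duplicate_input_tx() { return {{{"constructed-txid", 0}, {"constructed-txid", 0}}, {200000000}}; }

int main() {
    UtxoSet u = sample_utxos(); Tx tx = duplicate_input_tx();
    std::cout << validate(tx, u, false) << validate(tx, u, true) << " " << supply_delta(tx, u) << "\n";
}
```

The validator without the check accepts the transaction and the supply grows by one full coin; with the check enabled the same transaction is rejected before any amounts are summed.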

Upon discovery, developers again released a new version of software before announcing it to the wider cryptocurrency community. However, several months after the issue ought to have been solved, it appears that more than half the full nodes on the network are still running client implementations vulnerable to the bug.

Cointelegraph spoke with Dashjr about the implication of the inflation bug, to which the bitcoin developer replied:

“The inflation bug is in practice a network-wide risk. It would allow a 51% miner attack to cause inflation (something such attacks can’t normally do). The inflationary chain would only be accepted by vulnerable nodes and light wallets.”

Expanding further on the dangers posed by the bug, Dashjr went on to say:

“It makes what was thought to be a full node, actually just a light wallet in that one respect. If more than a small minority use light wallets, miners get to make up the rules.”

All nodes have to do is upgrade

Whenever developers discover a bug of this nature, the solution is always to get nodes to upgrade to a newer version of software that hopefully has features that eliminate the problem. Sometimes, this process may lead to the emergence of another problem — as seen in 2018, when solving the DDoS bug caused the inflation bug to manifest.

When asked by Cointelegraph what should be done about the situation, Dashjr’s answer was simple and straight to the point:

“Everyone upgrading to a fixed full node.”

While this process is ongoing, does the bitcoin network face any credible risk stemming from the fact that half of the full nodes are vulnerable to the inflation bug? The answer to the question might lie in who really holds the true power in the network: miners or developers?

In 2018, bitcoin developer Jimmy Song expressed the view that rogue miners trying to take advantage of the inflation bug would find it nearly impossible to succeed. For one, Song said that not every full node runs Bitcoin Core; a large number prefer to deploy custom iterations of the bitcoin client.

The fact that some nodes do not run the core client already diminishes the attack because such nodes will reject the block containing the inflated UTXOs. If a significant number of miners reject the tainted block, then a chain split likely occurs.

Back in 2010, during the “value overflow incident” discovered in block 74,638, developers published a new update to the client in less than five hours, solving the problem. The block in question contained a transaction that created about 184 billion BTC for three addresses, with two addresses receiving 92.2 billion BTC and the miner responsible for solving the block getting 0.01 BTC.

The discrepancy only lasted for the next 53 blocks, and by block height 74,691, all traces of the value overflow no longer existed on the network. Nodes that initially accepted the side of the chain split with the tainted block soon began to revert to the side that didn’t contain the inflated block.

The same applies to the inflation bug: Once the split occurs, developers and others on the network would begin to notice, as Song explained in this excerpt of his blog post, which reads:

“Because of these irregularities, people on the network would soon have tracked this down, probably have alerted some developers and the core developers would have fixed it. If there was a fork, the social consensus at that point about which is the right chain would start getting discussed and the chain creating unexpected inflation would have likely lost out. If there was a stall, there likely would have been a voluntary rollback to punish the attacker.”

For Song, given the economics of the attack, it is unlikely that rogue miners would want to employ such a tactic. However, the bitcoin educator said that hackers working for countries with anti-bitcoin sentiments could exploit the bug to destroy the network.