According to the report, an anonymous user originally filed a report about the denial-of-service bug to top developers of Bitcoin Core and Bitcoin ABC, the main software implementation of bitcoin cash. About two hours later, Chaincode engineer and Bitcoin Core developer Matt Corallo realized the bug could have been exploited to print unlimited bitcoin.
Based on the seriousness of the vulnerability, the developers decided to keep those details secret at first.
Instead, beginning with Slush Pool, they started pushing miners to upgrade. And for bitcoin users running a full node, the call to action is the same.
“You should not run any version of Bitcoin Core other than 0.16.3. Older versions should not exist on the network. If you know anyone who is running an older version, tell them to upgrade it ASAP,” bitcoin subreddit moderator Theymos remarked in a post currently pinned to the top of the forum.
Yet, another problem exists now – the possibility of a bitcoin chain split.
Since users are now running different versions of the bitcoin software, there’s a risk the network will temporarily split into two, then come back together again. Transactions on the chain running old software, then, might ultimately be lost.
While the situation is being monitored closely, Theymos thinks the risk of this happening is small. But he argued that people should still take precautions, such as waiting longer to make sure a bitcoin transaction actually gets verified.
Still, what's on some users' minds is whether the bug has already been exploited.
“How do we know if that vulnerability wasn’t exploited already and there is someone out there with a bunch of fake bitcoin?” asked one bitcoin user.
Luckily, Bitcoin Core contributor Pieter Wuille explained, due to the power of code, bitcoin users would have been able to detect suspicious activity by now.
When downloaded for the first time, full nodes double check every transaction made in bitcoin’s history. A node running the new software, 0.16.3, would detect the problem immediately.
Even so, questions remain regarding what would have happened if the bug wasn’t caught in time.
According to Theymos: “Even if the bug had been exploited to its full extent, the theoretical damage to stored funds would have been rolled back.”
Theymos continued, saying that rollback would be much like what happened during the so-called “value overflow incident” in 2010 when 187 billion bitcoins were created out of thin air but, ultimately, were destroyed.
Still, while Bitcoin Core, litecoin and several other coins that were based on Bitcoin Core’s code have released a patch for the exploit, others have not – and might still be vulnerable to the inflation bug.