Critical Bug Found in Bitcoin Core | Bitcointalksearch.org

Conasse

jr. member

Activity: 336

Merit: 5

Culotte Jaune Officielle

Better to read the news from Bitcointalk instead crap website like bitcoin.com

Quote

If you are currently running Bitcoin Core, then you must upgrade to 0.16.3 as soon as possible. You can download it from bitcoin.org or bitcoincore.org or via BitTorrent, and as always, make sure that you verify the download.

If you only occasionally run Bitcoin Core, then it is less urgent, though it would be best to upgrade as soon as convenient.

A bug was found which allows anyone capable of mining a sufficient-PoW block to crash Bitcoin Core nodes running versions 0.14.0 to 0.16.2. Stored funds are not at risk.

Since most altcoins are based on Bitcoin Core, I would guess that many of them are also affected, though I don't have any specific info on that at this time. Also, Core derivatives such as Knots are affected and have their own updates.

Main release thread: https://bitcointalksearch.org/topic/bitcoin-core-0163-released-5032424

https://bitcointalksearch.org/topic/dos-in-bitcoin-core-update-required-5032443

CrazyCraig

sr. member

Activity: 501

Merit: 340

Bye Felisha!

Quote from: franky1 on September 19, 2018, 03:33:55 PM

nope. bcause theres a few hundred nodes(10%) that were not core 0.14-0.16.2 even before 24 hours ago...
meaning if 90% were 0.14-0.16.2 now with 10% of those are now 0.16.3 thats only 80% that are stil 0.14-0.16.3

My apologizes, did not realize you were only counting .14+ nodes.

Anyway, all the nodes that I personally manage have been updated within the last 24. I suspect by the end of the week we will see about 30-40% of nodes upgraded. Outside of backing up data and verifying the packages, upgrading took less than 5 minutes and could be as simple as upgrading the PPA package if using ubuntu.

I agree with you on your decentralization points.

--

Quote from: LeGaulois on September 19, 2018, 03:58:09 PM

The bug is patched already. Users just need to upgrade to the 0.16.3 version and even if they don't immediately, their coins are not in risks.
It' not the type of bug that put Bitcoin core at risk, nor the market will be influenced from this news.

You are correct as it is patched. The point was that only 10% of the network is using the upgraded binary putting the rest of it at risk. While extremely unlikely, it is entirely possible the network could be at risk for a 51% attack and the price being brought down.

LeGaulois

copper member

Activity: 2940

Merit: 4101

Top Crypto Casino

The bug is patched already. Users just need to upgrade to the 0.16.3 version and even if they don't immediately, their coins are not in risks.
It' not the type of bug that put Bitcoin core at risk, nor the market will be influenced from this news.

franky1

legendary

Activity: 4396

Merit: 4755

Quote from: CrazyCraig on September 19, 2018, 02:13:58 PM

Quote from: franky1 on September 19, 2018, 02:09:15 PM

right now only 10% of the network is using 0.16.3
meaning over 80% of the network is still at risk

10% upgrading in just 24 hrs is pretty good in my opinion. Especially the precautions that wallet operators must take when upgrading (Backing up, testing, etc).

Also, do you mean 90%?

nope. bcause theres a few hundred nodes(10%) that were not core 0.14-0.16.2 even before 24 hours ago...
meaning if 90% were 0.14-0.16.2 now with 10% of those are now 0.16.3 thats only 80% that are stil 0.14-0.16.3

the network was not 100% 0.14-0.16.2 (though those few hundred nodes outside of the risk are still sheep to core in other ways)

however we need to make it more like 20-50% all the time diversity.. not 90%
and we need to make it so that core is less of a kingdom/monarchy and bring back diverse consensus.
dare i say it without getting the or defenders riled up

we need diverse decentralisation to return.. not biased distribution which is what we have been experiencing for the majority of 2013-2018

edit:
technically the older nodes(blow 0.14) shouldnt cound as they are not part of the 'inner circle' of the kingdom or being a block/transaction relayer. they are more defined as the 'downstream(gmax buzzword)' or 'filtered nodes(lukeJR buzzword)' on a outer circle of the network.
so crazy craig. your right the percentage i quoted of 80% is technically higher if you brush the older nodes out of the stats

CrazyCraig

sr. member

Activity: 501

Merit: 340

Bye Felisha!

Quote from: franky1 on September 19, 2018, 02:09:15 PM

right now only 10% of the network is using 0.16.3
meaning over 80% of the network is still at risk

10% upgrading in just 24 hrs is pretty good in my opinion. Especially the precautions that wallet operators must take when upgrading (Backing up, testing, etc).

Also, do you mean 90%?

franky1

legendary

Activity: 4396

Merit: 4755

Quote from: Parodium on September 19, 2018, 01:44:19 PM

Doesn't seem like this bug places any risk on stored wallet funds, so it is unlikely to have much of an affect on the market. As the article says, the bug has already been fixed, cudos to the Bitcoin Core team for such a quick response.

the bug causes nodes to crash. a patch has been released /core client update released. but that does not mean that its solved.
people need to download the software. and run it

right now only 10% of the network is using 0.16.3
meaning over 80% of the network is still at risk

again 80% of the network is still at risk. this its not fixed. its just made available a tool that can fix it.
imagine it like an engine. engineers found the issues needs a special spanner to fix it. they made the spanner but now people need to use the spanner to fix it.

anyway the deeper issue is we need to decentralise the 'reference client' to stop being the center. there needs to be a change of mindset and to allow other teams to make their own clients that work onchain in consensus without being treated as attacking a king.
get rid of the kingdom and instead allow united states on the same level playing field. that way there would be diversity on the network and no 80-90% network dropping scenario

CrazyCraig

sr. member

Activity: 501

Merit: 340

Bye Felisha!

The bug found basically allows a malicious node to flood a bitcoin core node and crash it. As this is a peer based attack, your wallet would remain safe and all funds protected.

I am not familiar with the repercussions of the attack, but I am assuming they mean crash as in it is recoverable. With that being said, most large scale node operators have implemented provisions that would restart the software in the event of a crash, and also have implemented proper firewall and security rules to ban any malicious attacker way before this exploit was discovered.

With a large scale attack it is very likely that the market could be affected but the chances are very marginal and the price would most likely recover very shortly.

With that being said, this isn't the only DDOS based wallet attack out there and more will be discovered. There will always be vulnerabilities in software.

Parodium

sr. member

Activity: 1036

Merit: 332

DMs have been disabled. I am busy.

Doesn't seem like this bug places any risk on stored wallet funds, so it is unlikely to have much of an affect on the market. As the article says, the bug has already been fixed, cudos to the Bitcoin Core team for such a quick response.

sandra_x

member

Activity: 574

Merit: 14

Here is a link to an article I think will be worth mentioning, I am not sure what the implications are for us bitcoin holders, or the impact it could have for bitcoin prices or its security.
https://news.bitcoin.com/critical-bug-found-in-bitcoin-core-invokes-the-multiple-client-argument/?utm_source=OneSignal%20Push&utm_medium=notification&utm_campaign=Push%20Notifications

Maybe some education may be proper. I think it is also related to a thread by Thymos https://bitcointalksearch.org/topic/dos-in-bitcoin-core-update-required-5032443

Topic: Critical Bug Found in Bitcoin Core (Read 136 times)