The most serious bitcoin bug in nearly a decade could have led to an artificial increase in bitcoin’s supply, according to a new announcement by Bitcoin Core, bitcoin’s main client.
“This could allow a miner to inflate the supply of Bitcoin as they would be then able to claim the value being spent twice,” Bitcoin Core said.
All are now being asked to upgrade to the new client, with half of miners, and apparently all exchanges, believed to have done so.
The bug was caused by the removal, in November 2016, of checks on whether certain transactions are double spends. That means for the past two years a miner could have designed transactions in such a way as to allow him to spend the same bitcoin twice.
In addition, while some previously argued that such a double-spending attempt would only lead to nodes crashing, it has now been revealed that suggestions it could have led to artificial inflation were in fact true.
That’s because some of the latest versions, prior to the emergency fork version, had changed the code that would have made nodes crash.
Astonishingly, therefore, not only could there have been such double spending, but we might not even have known for months, until someone found the bug.
That’s because nodes would not even have noticed the breach of the intended rules. Other miners, thus, would have built on top of the invalid-in-spirit block, which means the double spent coins then become “real” coins. So if it was, say, 100 btc, and it was double spent in the above fashion, then there would be 21 million and 100 bitcoins in total.
We are told this hasn’t happened, but thorough checks will now need to be carried out, preferably by independent third parties, because this failure appears very serious and very basic.
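The double count described above, as an added example that is not from the article or from Bitcoin Core: a toy Python UTXO ledger in which `Tx`, `apply_tx`, `supply` and the 100 BTC `funding` coin are all constructed for illustration. With the duplicate-input check off, a transaction naming the same coin twice is credited 200 BTC for a 100 BTC coin; with the check on, it is rejected.

```python
# Toy UTXO ledger: a constructed model, not Bitcoin Core code.
from dataclasses import dataclass


class InvalidTx(Exception):
    pass


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple   # outpoints being spent: (txid, output index)
    outputs: tuple  # values of the new outputs, in BTC


def supply(utxos):
    """Total value of all unspent outputs."""
    return sum(utxos.values())


def apply_tx(utxos, tx, check_duplicate_inputs=True):
    """Return the UTXO set after tx, or raise InvalidTx."""
    if check_duplicate_inputs and len(set(tx.inputs)) != len(tx.inputs):
        raise InvalidTx("duplicate input")
    if any(op not in utxos for op in tx.inputs):
        raise InvalidTx("input missing or already spent")
    # Without the duplicate check, a repeated outpoint is counted once per mention.
    value_in = sum(utxos[op] for op in tx.inputs)
    if sum(tx.outputs) > value_in:
        raise InvalidTx("outputs exceed inputs")
    spent = set(tx.inputs)
    result = {op: v for op, v in utxos.items() if op not in spent}
    for index, value in enumerate(tx.outputs):
        result[(tx.txid, index)] = value
    return result


def demo():
    utxos = {("funding", 0): 100}  # constructed: a single 100 BTC coin
    crafted = Tx("crafted", (("funding", 0), ("funding", 0)), (200,))
    inflated = supply(apply_tx(utxos, crafted, check_duplicate_inputs=False))
    try:
        apply_tx(utxos, crafted)  # check enabled
        rejected = False
    except InvalidTx:
        rejected = True
    return supply(utxos), inflated, rejected


if __name__ == "__main__":
    print(demo())
```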
It is incredible that the five devs did not know just how big a mistake they were making when the code they were removing said “check for duplicate inputs.”
The devs in question are Matt Corallo, then of Blockstream and now of Chaincode Labs, who proposed this bug; Gregory Maxwell, then CTO of Blockstream, who approved it without testing; Pieter Wuille of Blockstream, who seemingly pushed for it; Cory Fields of MIT, who said it “looks good to me”; and Wladimir van der Laan, the current Bitcoin Core maintainer, who merged this bug and “sent” it to the nodes.
The bitcoin network now has to upgrade to reinstate those checks. This is effectively a hardfork, because a chain-split may occur: older clients would consider a certain block valid and would build on top of it, while newer clients would reject it if the block has a crafted double spend.
Thus all are urged to upgrade as a matter of urgency, but of course do carry out your own checks because, as they say, don’t trust, verify.
Bitcoin Core says “at this time we believe over half of the Bitcoin hashrate has upgraded to patched nodes.” There are suggestions exchanges have upgraded. That may mean risks are lower than they were, but it might currently be a bit of an edgy time to transact in bitcoin as a small capricious miner could cause a chain-split.
The chances of that may be low, but the main lesson out of this may be that the bitcoin ecosystem now has no option but to get a competing team to launch a compatible client independent of Bitcoin Core, so that if similarly hidden bugs are exploited, then at least we know.
The situation for the past two years has been one where we would have had no clue until much after the event, and perhaps after much damage. That may have led to much debate on whether the double spent inflated coins can even be rolled back, as so many transactions might have needed to be rewound with them.
And it has been so because bitcoin currently is whatever Bitcoin Core says. Something which may have been fine when the ecosystem was small, but with so much money now on the table and with different people having different shades of hats, just one main client used by all miners sounds like a pretty bad option.
Bitcoin of course is open source and permissionless, so miners could launch their own client if they want. It would be compatible, like Geth and Parity in ethereum, so it’s not changing the rules, more double or even triple confirmation that the rules are actually being followed.
Regarding the current upgrade, there will necessarily be discussions on the semantics of whether this is a hardfork or softfork or whatever else, but Luke-Jr of Blockstream says:
“Everything older than 0.16.3 (and the corresponding 0.14 and 0.15 fix releases) is vulnerable to one exploit or another.”
So it is a softfork if you want to be vulnerable as a node operator, and as a miner it is a softfork if you want to be forked off the network, making it very much a hardfork.