A previously undisclosed vulnerability in the Bitcoin Core software could have allowed attackers to steal funds, delay settlements or split the largest blockchain network into conflicting versions had it not been quietly patched two years ago.
That’s according to a paper published Wednesday by Braydon Fuller, a protocol engineer at crypto shopping site Purse, who caught the vulnerability in June 2018, and Javed Khan, a core developer of the Handshake protocol.
The vulnerability was given a severity level of 7.8 on a scale of 1 to 10, which is deemed “high” (9 or above is considered “critical”). It was caused by “remote nodes” failing to clear invalid transactions from their memory, Khan told CoinDesk.
The inability to clear those transactions could lead to an aggressor flooding a victim node with stale data in what is referred to as “uncontrolled resource consumption,” eventually causing the node to shut down, the paper states.
Layer 2 (L2) solutions such as the Lightning Network, the experimental payment system built on top of the Bitcoin blockchain, were at risk due to the vulnerability. Bitcoin full nodes were not at risk of losing funds.
“There was no mechanism to make sure that the pending details of a transaction are valid or not. In certain cases you could fill up the remote memory with invalid transactions,” Khan said.
No attempt to take advantage of the hole was found in the wild, Khan and Fuller wrote. The vulnerability could not be disclosed publicly for over two years as node operators took longer than expected to update, Fuller said.
While the vulnerability was fixed, its disclosure highlights the difficulties of building a global money standard on programming languages created by humans, not to mention the high technical barriers to engaging in development of the top cryptocurrency.
The vulnerability was introduced to Bitcoin Core in November 2017. Some 50% of Bitcoin nodes at the time were exposed to the attack vector, according to the paper. Earlier versions of Bitcoin Core were not affected.
Bitcoin Core and more
Khan said that the vulnerability could have enabled an attacker to steal funds from nodes that had open channels on Lightning.
Bitcoin Core versions 0.16.0 and 0.16.1 were affected and patched by developer Matt Corallo following Fuller’s disclosure to the core team in July 2018. Corallo did not answer questions seeking comment by press time.
The discovery by Fuller (who has also worked as lead developer at decentralized cloud storage protocol Storj) was followed by another Bitcoin bug addressed two months later in Bitcoin Core 0.16.3. Also a vector for a denial-of-service attack, one aspect of that bug allowed miners to “inflate the supply of Bitcoin” as they could double-spend certain values, the Bitcoin Core team wrote at the time.
The emergency patch issued in that Bitcoin Core version addressed Fuller’s bug as well, Khan and Fuller wrote.
A spot was reserved for the resource consumption vulnerability on the National Institute of Standards and Technology’s Common Vulnerabilities and Exposures (CVE) registry as CVE-2018-17145 in 2018, but it has yet to be filled out. The registry acts as a public glossary for software bugs of note.
Bitcoin Core is the reference implementation, or standard version of the network software from which others are derived. According to the paper, the exploit was also possible on several other implementations of Bitcoin and its offshoots:
- Bitcoin Knots v0.16.0
- All beta versions of Bcoin up to v1.0.0-pre
- All versions of Btcd up to v0.20.1-beta
- Litecoin Core v0.16.0
- Namecoin Core v0.16.1
- All versions of Dcrd up to v1.5.1.
All of these implementations have been patched.
UPDATE (Sept. 9, 13:30 UTC): Added a link to the paper and a more up-to-date company affiliation for Braydon Fuller.
UPDATE (Sept. 10, 1:55 UTC): The vulnerability status of Bitcoin full nodes was added after publication for further clarification.