awemany-bitcoin-unlimited-core-bug

Have you seen this? Have you heard about this? Last week a “critical” bug was found: the so-called “CVE-2018-17144” bug. It was called one of the “nastiest bugs ever”, and there has been a mad rush to patch the code and upgrade nodes. It affects BTC, BCH, LTC, DASH, and other coins. Thankfully, no one got hurt (so far anyway).

Here are 7 crazy things about this bug:

1. It went undetected for 2 years

Yep.  It was lurking… deep in the shadows.  It all started with a code change from back in 2016 when BTC developer Matt “BlueMatt” Corallo decided it would be a good idea to remove an “extra” validation check to shave off a few microseconds from the block processing time.

2. It was discovered by a Bitcoin Cash developer

Really? What? I heard BCH only has Mickey Mouse developers? I thought Bitcoin BTC was supposed to have hundreds of contributors and the best software engineers in the world. What is going on here? Turns out BCH has a lot of talented people working on their project. And he was nice enough to responsibly disclose the bug.

3. Donation rewards are pouring in

The developer who discovered and reported the bug put a donation address up and received over 35 BCH at the time of this writing, which is currently worth a cool $18,000. There’s also a matching BTC address, which received a single donation of 0.03 BTC. Noice.

4. The bug could have caused extra coins to be mined/minted

The predictable issuance and hard limit of 21M Bitcoins is sacred to many.  But this bug could have violated the sanctity of supply. Had it been activated, it would have threatened lambo dreams everywhere and is almost too horrible to even contemplate.

5. The “Code is Law” ethos was brought into question

Given the extreme consequences of what could have happened, it raises deep and disturbing questions.  Would we have rolled back the ledger to avoid changing the coin supply? What happened to “code is law”?  What happened to the immutability of the ledger? The sticky situation has been discussed in an article here.

6. The whole thing was allowed to be discussed on r/bitcoin

The BTC-centered subreddit, infamous for bans and censorship, seems to be allowing a pretty free discussion of the issue, even though it makes BTC (and its core developers) look bad, for a few different reasons.  But I guess something this big you can’t hide so why bother trying. Amirite?

7. Put your tin foil hat on.  It’s possible this bug was an intentionally planted time bomb in Bitcoin

There’s absolutely no proof this is true; it’s just wild conjecture. But on the other hand, it’s not just possible, but plausible. As the developer who found the bug pointed out: what better way to kill Bitcoin than introduce an inflation bug? And what better way to do it than creating 2 different code changes that by themselves do nothing bad, but when combined with other innocent looking “refactoring” spell disaster? Things that make you say hmmm…
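
The removed validation check and the extra coins it could have allowed, as an added example that is not from the original article or from any Bitcoin node's code: CVE-2018-17144 concerned a transaction that listed the same input twice, and this simplified model shows how skipping the duplicate-input check lets a transaction's outputs exceed the coins that really exist. The `Tx`, `apply_tx` and `total_supply` names and all sample values are constructed for illustration.

```python
from dataclasses import dataclass

# Simplified model for illustration only; not Bitcoin Core's validation code.
@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple    # outpoints being spent, e.g. ("a:0",)
    outputs: tuple   # values of the newly created outputs

def total_supply(utxos):
    """Sum of all unspent output values (the coins that exist)."""
    return sum(utxos.values())

def apply_tx(utxos, tx, check_duplicate_inputs=True):
    """Validate tx against utxos (outpoint -> value); return the new UTXO set."""
    # The "extra" check: the same outpoint must not be listed twice in one tx.
    if check_duplicate_inputs and len(set(tx.inputs)) != len(tx.inputs):
        raise ValueError("duplicate input in transaction")
    value_in = 0
    for outpoint in tx.inputs:
        # Each lookup passes on its own, because nothing is marked spent yet.
        if outpoint not in utxos:
            raise ValueError(f"input {outpoint} is missing or already spent")
        value_in += utxos[outpoint]
    # Without the duplicate check, value_in counts the same coin twice.
    if sum(tx.outputs) > value_in:
        raise ValueError("outputs exceed inputs")
    spent = set(tx.inputs)
    new_utxos = {op: v for op, v in utxos.items() if op not in spent}
    for index, value in enumerate(tx.outputs):
        new_utxos[f"{tx.txid}:{index}"] = value
    return new_utxos

if __name__ == "__main__":
    start = {"a:0": 50}                          # constructed sample UTXO set
    doubled = Tx("b", ("a:0", "a:0"), (100,))    # spends a:0 twice
    inflated = apply_tx(start, doubled, check_duplicate_inputs=False)
    print("supply without check:", total_supply(start), "->", total_supply(inflated))
    try:
        apply_tx(start, doubled)                 # check enabled
    except ValueError as err:
        print("rejected with check:", err)
```

Every other rule in the model (inputs must exist, outputs must not exceed inputs) still passes for the doubled transaction, which is why the one check was not redundant.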