I know we touched on this subject on Tuesday, but an official “official” disclosure was released last night, and it came with a scary revelation: there was a critical inflation vulnerability that afforded miners the ability to “print” bitcoins out of thin air. Not ideal for a monetary protocol that is promising a hard 21M BTC cap. Again, we may have dodged a bullet by finding and patching this bug before it was ever exploited in the wild.
How do we know that the bug wasn’t exploited? Anyone running the patched version of Bitcoin Core (v0.16.3) would have to download the entire history of the blockchain, and the new version would have pointed out when it was exploited. No such instances have been observed up to this point.
We are all extremely lucky that this bug was not exploited while it was in the wild, and we are certainly not completely out of the woods yet, as there are still nodes running the buggy software.
A world in which the bug was exploited for an extended period of time before being caught and patched seems like a nightmare. However, this incident is another good example of disclosing and patching done right, considering the circumstances. Initially, the DoS portion of the bug was the only thing disclosed to the public, so that the people involved with maintaining the repository could take the time to reach out to large economic players in Bitcoin and have them download the patched version of the Core client, mitigating the risk of nefarious attackers taking advantage of the bug before the patch was widespread.
IMO, we are extremely lucky that the people safeguarding Bitcoin’s codebase are as thorough (obviously not with the bug, no one man or team is perfect), diligent, and reactive as the Core team was this week. They kicked it into overdrive to make sure this disclosure was done as well as possible.
With all this being said, this week was a reminder of how careful we must be with Bitcoin’s development and the pace at which we make upgrades. I think our boy Hasu put it perfectly.
And, as always, Pierre Richard does a great job of helping people understand Bitcoin’s consensus rules and incentive system to help us define how we currently interact with the protocol and how we should communicate this going forward.
Just had a 17-hour travel day to get to Eastern Europe. A lot of flying, one nausea-induced puke on a small plane, and a newsletter written from my phone in 3 different countries.
A phone which has a screen that could slice some roast beef right now with how shattered it is.
Not a bad Friday showing for Uncle Marty if you ask me.
Enjoy your weekend, freaks.