This is the story of how Corey Fields, a highly respected Bitcoin Core developer working (alongside Gavin Andresen) for the Digital Currency Initiative at the MIT Media Lab, discovered and reported a critical vulnerability in Bitcoin Cash, which could have caused the BCH blockchain to be split in two. It is important to note that the now-fixed bug only affected Bitcoin Cash (BCH) and not Bitcoin (BTC). Although the bug was reported in April 2018 and fixed in May 2018, it was not until 9 August 2018 when Corey decided to tell his story in a post on DCI's Medium blog.

Althoug Corey works for the MIT Media Lab’s Digital Currency Initiative (DCI), a research community whose goal is to “to bring together the brightest minds at MIT and elsewhere to conduct the research necessary to support the development of digital currency and blockchain technology.” More specifically, Corey’s main responsibility is to “help develop and maintain Bitcoin Core, Bitcoin’s primary software implementation.”

Corey explain that the reason for telling this story is not make fun of Bitcoin Cash, but to increase awareness of the threat posed by software bugs to the crypto space:

“Working through this bug, which certainly had the potential for catastrophe, has reaffirmed my belief that the threat of software bugs is severely underestimated in the cryptocurrency world. I’m presenting a detailed report of this incident not as a slight against Bitcoin Cash, but as a real-world example of how much work is still required to reach the sophisticated level of engineering that cryptocurrencies require, and as a wake-up call to companies who have not adequately prepared for this type of scenario.”

What Was the Bug?

“In short, a portion of the transaction signature verification code was rewritten, but the new code omitted a critical check of a specific bit in the signature type. I refer to that bit in the disclosure as SIGHASH_BUG. This omission would have allowed a specially crafted transaction to split the Bitcoin Cash blockchain into two incompatible chains.”

Chain Split Bugs

  • “The software tasked with enforcing the validation rules will always need to evolve. Changes are constantly being made to improve performance, add features, improve security, etc. It is critical, though, that the rules are enforced exactly the same way from one version to the next.”
  • “So what happens when an accidental programming bug in a new version of the software causes a transaction to be considered valid when all previous versions of the software reject it as invalid? The result is a “chain split,” and it means that only the subset of participants who have upgraded their software will accept the transaction in question. And since transactions and blocks are chained together, the two subsets will disagree on every transaction that follows. Without quick action from developers and a campaign to align all participants on one side of the fork or the other, the two camps of participants will never again be able to agree. At that point, the currency has effectively been split into two incompatible currencies — transacting as before will no longer possible.”

How the Bug Was Discovered

  • Because Bitcoin Core is free, open-source, and well-tested, it is used as the starting point for many new cryptocurrencies. Bitcoin Cash’s primary software implementation, Bitcoin ABC, is based on Bitcoin Core.
  • Because these derivative projects typically have similar bugs (and bug fixes), Corey often looks through the source code of these projects to see if there are any fixes that should be incporporated into the Bitcoin Core code.
  • One day in April, while Corey was going through Bitcoin ABC’s change logs, he noticed that one important part of Bitcoin ABC’s transaction validation code has been “refactored” (i.e. modified to improve maintainability rather than to change functionality) and only two reviewers had looked at the change before it got accepted.
  • Corey decided to examine this code since a large number of lines had been changed and the code had received only a minimal review. After only 10 minutes, Corey was able to spot the critical bug.

How the Bug Was Reported

  • Had Corey privately reported the bug to the Bitcoin ABC development team and someone else had found and expoited the bug a short time later, Corey could have been accused of being the attacker, and because billions of dollars could have been lost as a result of an attack on the network.
  • So, out of concern for his safety, Corey decided to find a fully anonymous disclose method. 
  • Since Bitcoin ABC had no official “responsible disclosure” policy, Corey had to find the published encryption keys for one of the lead Bitcoin ABC developers so that he could send that person an encrypted message.
  • Eventually, on 25 April 2018, via  a plea on GitHub, Corey was able to get hold of the PGP public key for one of the Bitcoin ABC developers, which he then used to send an encrypted message to Bitcoin ABC’s bug tracker on 26 April 2018.
  • On 27 April 2018, Corey found out that his report of the bug had been received because he noticed on GitHub that a “pull request” for fixing the bug has been opened.
  • The Bitcoin ABC team fixed the vulnerability, and they publicly disclosed it on 7 May 2018.

Response From the Bitcoin ABC Team

Yesterday, the Bitcoin ABC team expressed their gratitude to Corey for the way he had handled this situation:

 

Featured Image Credit: Photo via Pexels.com