There was a private disclosure of the vulnerability of Bitcoin cash, one of the key cryptocurrencies right at the moment, on April 25th, 2018. A successful capitalization on this vulnerability would have had serious ramifications since there would have been a huge disruption in the transacting of Bitcoin cash. Transacting in such risky circumstances would greatly undermine the utility and value of the cryptocurrency. Thankfully the bug was quietly identified and fixed without any drama and before it could cause any disruption or trouble in transacting. The neutralization of this threat was disclosed publicly on May 7, 2018.
The cryptocurrency which has been mistaken for Bitcoin in the past is not similar to Bitcoin though it derives its name from Bitcoin since it is derived from it. Thus the threat did not affect Bitcoin as a few had feared. The person who first noticed the bug is a contributor to the digital currency initiative of MIT Media Lab. The initiative was set up to do research and to develop cryptocurrencies. The contributor, who is regarded as the savior of Bitcoin cash after spotting the potentially catastrophic bug, is a developer of and helps maintain Bitcoin core. Bitcoin core is the primary software implementation for Bitcoin. The work he puts in for Bitcoin has earned him audiences at various workshops and conferences where he often has to tackle the question, what will be Bitcoin’s greatest challenge in the future?
The developer’s answer always remains the same which is, Bitcoin has to avoid catastrophic software vulnerabilities. The developer added that tackling the bug that had threatened to disrupt Bitcoin cash transactions had led him to the realization that software bugs had been greatly underestimated in the crypto world. The developer also stated that he had decided on presenting a detailed report of the serious bug not as an affront to Bitcoin cash but as proof of how much more needed to be done in order to realize the top level engineering standards that crypto is yet to live up to.
Details of the bug itself involved a significant omission of a critical check of a certain bit in the signature type. The report identifies the bit as SIGHASH_BUG. The omission would have left room for the splitting of the Bitcoin cash blockchain into two incompatible chains. Cryptocurrencies work on straightforward rules of you can only spend what you have and the software is tasked with enforcing such rules. This is set up such that a transaction that disobeys the rule by for instance seeking to spend what one does not have will simply be rejected. In case of a bug though, the system might end up accepting a transaction that is not within the rules which will lead to a “chain split. Unless there is urgent intervention by developers this split will mess up the chain rendering future transactions impossible.
When a bug causes a split such that 99% of users are on one side and 1% is on the other side, the obvious correction would be to side with the 99%, but if a split causes a 50-50 rift such as the case of Bitcoin cash then correcting it is way more difficult. The developer revealed that he first got suspicious while working through Bitcoin’s ABC change-logs early this year. It took only 10 minutes of digging to find the bug. He further disclosed that there was a genuine threat of someone capitalizing on the bug before it could be fixed. He also recounted fearing for his life if he had disclosed the bug using his name since he would have had no way of proving his innocence in case the bug was made use of. All this informed his decision to stay anonymous.
Thankfully Bitcoin ABC developers fixed the issue after hours of tension without incident. The developer now feels that his report on the bug will benefit the ecosystem greatly by learning from it to avoid future issues.