According to a press release issued by Bitcoin Core on September 18, the company detected a critical denial-of-service (DoS) vulnerability in Bitcoin Core 0.14.0 and has now fixed it. The new Bitcoin Core 0.16.3 no longer contains this bug. This severe vulnerability is tracked as CVE-2018-17144 and had the potential to destroy Bitcoin nodes.
Exploiting the flaw could crash Bitcoin Core when it tries to validate a block containing a transaction that spends the same input twice. Such blocks can only be created by a miner, since they are invalid. Due to this flaw, miners could effectively prevent others from receiving the 12.5 BTC block reward worth about $80,000. If an attacker controls malicious nodes on the Bitcoin network and then causes a crash, he can execute a 51% attack on the Bitcoin network and manipulate transactions for his own benefit.
The new update reduces the chance of a crash by enabling the software to ‘quietly reject’ invalid blocks created by miners.
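The check described above, as an added example that is not Bitcoin Core's own code: a block is rejected with an ordinary validation error, rather than a crash, when one of its transactions lists the same input twice. The types and function names (`OutPoint`, `Tx`, `Block`, `CheckTx`, `CheckBlock`) are hypothetical and the sample data is constructed.

```cpp
// Added illustration; not Bitcoin Core source. All type and function names
// here (OutPoint, Tx, Block, CheckTx, CheckBlock) are hypothetical.
#include <cstdint>
#include <iostream>
#include <set>
#include <string>
#include <tuple>
#include <vector>

// An input is identified by the transaction it spends from and the output index.
struct OutPoint {
    std::string txid;
    uint32_t index;
    bool operator<(const OutPoint& o) const {
        return std::tie(txid, index) < std::tie(o.txid, o.index);
    }
};

struct Tx { std::string id; std::vector<OutPoint> inputs; };
struct Block { std::vector<Tx> txs; };

// Returns false and fills `reason` if any input appears twice in the same
// transaction. The caller gets a normal validation failure, not an abort.
bool CheckTx(const Tx& tx, std::string& reason) {
    std::set<OutPoint> seen;
    for (const OutPoint& in : tx.inputs) {
        if (!seen.insert(in).second) {  // insert fails if already present
            reason = "duplicate input in tx " + tx.id;
            return false;
        }
    }
    return true;
}

// Block-level validation: reject the whole block on the first bad transaction.
bool CheckBlock(const Block& block, std::string& reason) {
    for (const Tx& tx : block.txs) {
        if (!CheckTx(tx, reason)) return false;
    }
    return true;
}

int main() {
    // Constructed sample data: tx "b" lists outpoint (aa, 0) twice.
    Tx a{"a", {OutPoint{"aa", 0}, OutPoint{"aa", 1}}};
    Tx b{"b", {OutPoint{"aa", 0}, OutPoint{"bb", 3}, OutPoint{"aa", 0}}};
    std::string why;
    std::cout << "block [a]:    " << CheckBlock(Block{{a}}, why) << "\n";
    std::cout << "block [a, b]: " << CheckBlock(Block{{a, b}}, why)
              << " (" << why << ")\n";
}
```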
Jason Glassberg, co-founder of Casaba Security, said, ‘[It] can take down the network… That would affect transactions in the sense that they cannot be completed, but does not appear to open up a way to steal or manipulate wallets.’
One piece of good news for bitcoin users is that most of them will not have to go to much trouble to keep themselves protected. The developers assured that ‘stored funds’ were not at risk. But the flaw could affect those using the Lightning network, an in-development transaction layer that allows quicker and cheaper transactions.
Users operating a network node or using the Bitcoin Core wallet are therefore advised to upgrade to the latest version immediately. Not doing so would keep them vulnerable to attacks by malicious users. The upgrade is a very simple and user-friendly process. Users should note, however, that the new wallet will have to re-download the entire blockchain, and that downgrading to an older version after the fact is not supported.
Applauding Bitcoin Core’s efforts to resolve the potentially disastrous flaw, Cobra Bitcoin, co-owner of Bitcoin.org, said that it was a ‘very scary bug’ that could have affected a ‘huge chunk of the Bitcoin network.’