Storj protocol developer Braydon Fuller told of a previously unknown vulnerability in Bitcoin Core software. The bug could allow attackers to steal funds, delay payments and even split the blockchain into conflicting chains. According to CoinDesk.
According to Handshake protocol developer Javed Khan, “remote nodes can fill up with invalid transactions,” which cannot be removed from memory. The accumulation of stale data could lead to “uncontrolled resource consumption” and ultimately crash the node.
“There was no mechanism to verify that the details of a pending transaction were valid. In some cases you could fill remote databases with invalid transactions,” Khan explained.
Both Khan and Fuller stressed that there had been no reported attempts by attackers to exploit the bug. They said information about the bug had remained undisclosed for a long time because nodes needed time to update.
The Handshake developer added that the vulnerability could allow attackers to steal funds from nodes with open connections to the network’s second-layer Lightning Network.
The bug was identified as far back as July 2018. It was assigned a severity of 7.8 on a ten-point scale.
The vulnerability resided in Bitcoin Core clients versions 0.16.0 and 0.16.1. It was fixed by developer Matt Corallo after receiving the relevant information from Fuller.
In August was released version 0.20.1 of the Bitcoin Core client. In its code, the status of nodes relaying incorrect blocks to the network was downgraded.
Follow ForkLog on Twitter!