Bitcoin Core developer Cory Fields discovered a critical vulnerability in the Bitcoin Cash code. And it was a long way for him to find an appropriate way to contact BCH developers and inform them anout the bug.
Cory Fields working for the Digital Currency Initiative at the MIT Media Lab wrote a story in a blog post on Medium telling about how he discovered in the Bitcoin Cash code bug and tried to contact Bitcoin ABC developers in order to let them know about the vulnerability.
“On April 25, 2018, I anonymously and privately disclosed a critical vulnerability in Bitcoin Cash, one of the world’s most valuable cryptocurrencies — not to be confused with Bitcoin. A successful exploit of this vulnerability could have been so disruptive that transacting Bitcoin Cash safely would no longer be possible, completely undermining the utility (and thus the value) of the currency itself. Instead, the vulnerability was fixed without incident, and publicly disclosed on May 7, 2018.”
SIGHASH_BUG vulnerability could lead to the split of Bitcoin Cash blockchain and could be initiated as easy as by sending an ordinary transaction, specially crafted.
“In short, a portion of the transaction signature verification code was rewritten, but the new code omitted a critical check of a specific bit in the signature type.”
Fields wanted to immediately contact Bitcoin Cash developers and tell them about this bug, but an ordinary connection was not safe enough as the information about the vulnerability could leak and fall into the hands of fraudsters. Thus, Fields was forced to make an anonymous account on GitHub, and through the Tor contacted Bitcoin Cash developers. Not successful at the first attempt, Fields managed to submit an encrypted message to Bitcoin ABC’s bug tracker.
Published at Fri, 10 Aug 2018 14:53:41 -0400