Bitcoin's fourth halving has been completed, and this decentralized system has now been running successfully for 15 years. However, the Bitcoin Core client vulnerability disclosed in 2018 directly threatened the stability of the Bitcoin system and is one of the biggest Bitcoin vulnerabilities. Today, I will introduce the client double-spending vulnerability, CVE-2018-17144, disclosed on September 20, 2018.
What is Bitcoin Core?
Bitcoin Core was initiated by Satoshi Nakamoto and is considered the "orthodox" Bitcoin client. It is also the most widely used client at present. The software can verify every transaction ever made on the blockchain and can transfer funds.
What is CVE-2018-17144?
Bitcoin Core versions 0.14 through 0.16.2 contain an extremely serious vulnerability that can cause program crashes and double spending. That is to say, the same input can be spent multiple times within one transaction, which would allow unlimited issuance, destroy the consensus on the 21 million bitcoin total supply, and cause inflation. It was later publicly catalogued as CVE-2018-17144.
Why is there this vulnerability?
This can be traced back to 2016. Although the vulnerability was discovered in 2018, the groundwork was laid in 2016. That year, a developer proposed a merge to Bitcoin Core that would delete the duplicate-input check from the transaction check, saving about 600 microseconds. The reviewer then approved the merge, and at that point the bomb had been planted.
In version 0.14.x, the vulnerability was officially released in the client code. At this stage, fully exploiting it would crash any client that received the broadcast, but would not affect the data on the chain. Other clients could discard the attacking node's broadcast, and to trigger the attack the attacker would need to mine a block, which is very costly and could only crash some clients without bringing the attacker any benefit.
Then, in version 0.15, released in September 2017, the developer optimized the structure of the UTXO database and accidentally allowed the client to keep running when it encountered duplicate inputs, which opened up the possibility of double spending through this vulnerability.
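The effect described above, as an added example that is not Bitcoin Core's own code: a toy C++ model of block-path validation with and without the duplicate-input check. The types, function names and the sample coin are assumptions made for illustration.

```cpp
#include <cstdint>
#include <iostream>
#include <map>
#include <set>
#include <string>
#include <utility>
#include <vector>

// Toy model (assumption): an outpoint is (txid, output index).
using OutPoint = std::pair<std::string, uint32_t>;
struct Tx { std::vector<OutPoint> inputs; int64_t value_out; };
using UtxoSet = std::map<OutPoint, int64_t>;  // outpoint -> amount

// The duplicate-input check: each outpoint may appear once per transaction.
bool has_duplicate_inputs(const Tx& tx) {
    std::set<OutPoint> seen;
    for (const auto& in : tx.inputs)
        if (!seen.insert(in).second) return true;  // already seen
    return false;
}

// Block-path validation. With check_duplicates == false the loop adds up
// the same coin once per reference and never notices the repetition.
bool validate_in_block(const Tx& tx, const UtxoSet& utxos, bool check_duplicates) {
    if (check_duplicates && has_duplicate_inputs(tx)) return false;
    int64_t value_in = 0;
    for (const auto& in : tx.inputs) {
        auto it = utxos.find(in);
        if (it == utxos.end()) return false;  // unknown or already spent
        value_in += it->second;
    }
    return value_in >= tx.value_out;  // outputs must not exceed inputs
}

// Constructed sample data: one 50-unit coin.
const OutPoint COIN{"aa", 0};
UtxoSet sample_utxos() { return UtxoSet{{COIN, 50}}; }
Tx duplicate_input_tx() { return Tx{{COIN, COIN}, 100}; }  // same coin twice
Tx honest_tx() { return Tx{{COIN}, 50}; }

int main() {
    const UtxoSet utxos = sample_utxos();
    std::cout << std::boolalpha
              << "no check:   " << validate_in_block(duplicate_input_tx(), utxos, false) << "\n"
              << "with check: " << validate_in_block(duplicate_input_tx(), utxos, true) << "\n"
              << "honest tx:  " << validate_in_block(honest_tx(), utxos, true) << "\n";
    return 0;
}
```

The set-based check costs one insertion per input, which is the small per-transaction cost the 2016 change was trying to avoid.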
How was this vulnerability discovered?
After version 0.15 was released, no one discovered the vulnerability for a year. Then, on September 17, 2018, BCH developer awemany, sitting in a pickup truck by the sea at noon, found this comment in the BCH code base:
Check for duplicate inputs — note that this check is slow so we skip it in CheckBlock
awemany felt something was wrong and used regtest mode to test duplicate inputs. The result was immediate:
Wham! assert(), Aborted.
He realized that this might be exploitable, creating a risk of inflation and chain splits, and wrote:
BitcoinABC does not check for duplicate inputs when processing a block, only when inserting a transaction into the mempool.
This is dangerous as blocks can be generated with duplicate transactions and then sent through e.g. compact block missing transactions and avoid hitting the mempool, creating money out of thin air.
/u/awemany
He then immediately reported the vulnerability and the fix to Bitcoin Core and Bitcoin ABC (the BCH development team).
He wrote in his review that he was relieved after submitting it. He had found a vulnerability worth millions of dollars, one that could have had a huge impact on a currency worth $100 billion (now $1.2 trillion). In fact, he could have rented computing power and shorted BTC, which could have made him rich directly, but he didn't. He chose to report the vulnerability.
At 21:58 on the same day, Bitcoin ABC released a patch to fix the vulnerability and sent a message to the majority of nodes, urging them to upgrade. After most nodes had completed the upgrade, the vulnerability was fully disclosed.
However, the impact was not limited to Bitcoin and BCH; it also reached the various altcoins forked from Bitcoin Core. Since the vulnerability had been merged by the Bitcoin Core team, everyone blamed the Bitcoin Core team.
Because of a 600-microsecond change, a double-spending vulnerability lurked on the chain for a year. Had it been exploited, it might have led to a hard fork. Would the price of Bitcoin still be what it is now? Would it have been like Ethereum's hard fork, with another ETC being born?