Bitcoin Engineers Rediscover Major Blockchain Vulnerability on Decred

Bitcoin engineers have rediscovered a major blockchain vulnerability found in 2018 on the software that powers the Bitcoin blockchain, Bitcoin Core. The vulnerability was discovered on Decred (DCR).

The vulnerability was first found by Bitcoin protocol engineer Brandon Fuller. Called INVDoS, short for inventory out-of-memory denial-of-service attack, it could see an attacker create malformed Bitcoin transactions that, when processed by nodes, would lead to an uncontrolled consumption of the server’s memory resources, leading to an eventual crash of affected nodes.

In a paper, Fuller wrote:

At the time of the discovery, this represented more than 50% of publicly-advertised Bitcoin nodes with inbound traffic, and likely a majority of miners and exchanges

INVDoS, according to ZDNet, also impacted Bcoin and Btcd servers, as well as cryptocurrencies built using the original Bitcoin protocol. These include Litecoin, Namecoin, and Decred. Per Fuller, the bug was dangerous as it could “contribute to a loss of funds or revenue.”

This, he added, could be through a loss of mining time or expenditure of electricity by shutting down nodes. It could also be through the “disruption and delay of time-sensitive contracts or prohibiting economic activity.” Exchanges, e-commerce, atomic swaps, escrows and lightning network payment channels could be hit.

In 2018 the vulnerability was quietly patched and kept a secret, to avoid hackers exploiting it on other blockchains build using the original Bitcoin protocol, such as Litecoin and Namecoin. At the time, the generic identifier CVE-2018-17145 so it would not tip off attackers.

INVDoS was, however, rediscovered by another Bitocin protocol engineer earlier this year, as Javed Khan found it while looking for bugs in the Decred cryptocurrency. The bug was reported to its bug bounty program, and later on disclosed so other cryptocurrencies using the same protocol could patch it.

Both Fuller and Khan asserted that, as far as they know, the vulnerability has not been exploited.

Featured image via Pixabay.

Disclaimer

The views and opinions expressed by the author, or any people mentioned in this article, are for informational purposes only, and they do not constitute financial, investment, or other advice. Investing in or trading cryptoassets comes with a risk of financial loss.

Bitcoin Engineers Rediscover Major Blockchain Vulnerability on Decred

Disclaimer

Related Articles

XRP Ledger’s Decentralized Exchange Sees Total Value Locked Soar Over 7.5 Million $XRP

Shiba Inu’s Supply on Exchanges Drops to Two-Year Low as $SHIB Price Surges

Standard Chartered Remains Bullish on Crypto as Ether ETF Approval Delays are ‘Priced in’

You Might Like

Most Read

“Bitcoin Is No Longer ‘Cheap’ and Is Considered To Be Trading at ‘Fair’ Value”: Fidelity Digital Assets Report

Crypto Analyst Who Nailed 2018 Bottom Says Bitcoin Will Hit New High in Weeks, Predicts $120,000 Cycle Top

TON Foundation Launches USDT on Telegram’s Integrated Blockchain: A Milestone for Global Crypto Payments

Mainland Chinese Investors Likely Barred from Hong Kong’s Spot Bitcoin and Ether ETFs, Say Bloomberg Analysts

Bitcoin Price Falls as Fed Chair Powell Expresses Caution on Rate Cuts