Bitcoin Cash and blockchain fork vulnerabilities have been successfully disclosed

On April 25, 2018, I anonymously and privately disclosed a critical vulnerability in Bitcoin Cash (BCH). Bitcoin Cash is one of the most valuable cryptocurrencies in the world, not to be confused with Bitcoin (BTC). Had an attacker successfully exploited this flaw, the damage could have been severe: Bitcoin Cash transactions could no longer have been processed safely, which would ultimately have destroyed the usefulness and value of the currency itself. Fortunately, the vulnerability was fixed without incident, and it was disclosed to the public on May 7, 2018.

First, a brief explanation of Bitcoin Cash. Bitcoin Cash is a cryptocurrency that is distinct from and incompatible with Bitcoin. It carries the name because it originated from Bitcoin. The fixed vulnerability described below affects only Bitcoin Cash; the only connection between Bitcoin Cash and Bitcoin that matters here is that their names are very similar.

Why did I do this, and what was my motivation? I work on the digital currency project at the MIT Media Lab. As the name suggests, this is a team responsible for research and development of cryptocurrency. Specifically, I help develop and maintain the Bitcoin Core wallet, the primary software implementation of Bitcoin. Because of this work, I am often asked the same question at conferences and seminars: what do you think is the biggest challenge Bitcoin will face in the future? My answer is always the same: Bitcoin must focus on avoiding catastrophic software vulnerabilities.

Having studied this vulnerability and its potentially catastrophic consequences, I am convinced that the threat of software vulnerabilities is seriously underestimated in the cryptocurrency world. I have written a detailed report on the incident. Its purpose is not to be alarmist; rather, I hope this real-world example helps people understand how much work remains before cryptocurrency reaches the level of engineering rigor it requires, and, at the same time, serves as a wake-up call for companies that have not yet fully prepared for such a situation.

In short, part of the transaction signature verification code had been rewritten, but the new code omitted a critical check of a specific bit in the signature type. I refer to this bug as SIGHASH_BUG in this article. The omission meant that a specially crafted transaction could fork the Bitcoin Cash blockchain into two incompatible chains. I describe why this kind of fork matters in the next section. For detailed information on the vulnerability and the fix, please refer to the published text.

What is so special about blockchain fork vulnerabilities?

Most cryptocurrencies, including Bitcoin and Bitcoin Cash, operate by distributing a ledger of all transactions to all participants. In order to spend, a currency holder must first create a transaction, and that transaction must comply with all the rules of the system. Most of these rules are obvious and straightforward, such as "you can't spend more than you have", but others are subtler and more technical, especially those that describe how digital signatures must be formatted. But if using a cryptocurrency requires no one's permission, who sets these so-called validation rules?

Everyone participates in setting up verification rules

The rules of the system are determined by everyone, and it is the job of the software to enforce them. If a participant tries to cheat and creates a transaction that spends coins that are not his own, the software run by the other participants will simply reject the transaction. Therefore, for a transaction to be generally accepted, it must comply with all the rules, even the extremely pedantic ones.

The software responsible for enforcing the validation rules needs continuous improvement. Constant changes are required to improve performance, add features, improve security, and so on. However, it is essential that the way the rules are enforced remains exactly the same from one version to the next.

So, what happens if an accidental programming bug in a new version of the software causes a transaction to be considered valid that all previous versions consider invalid? The result is a "blockchain split": only the subset of participants who have upgraded the software will accept the transaction. Since transactions and blocks are linked together, the two subsets will then disagree on every subsequent transaction. Without rapid action by developers and a united response from all participants, the two camps will never reach agreement again. At that point the currency has effectively split into two incompatible currencies, and trading as before is no longer possible.
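The split mechanism described above, and the class of bug behind SIGHASH_BUG (a refactored validator that silently drops one rule), can be caught with a differential check that runs the old and new rule sets over the same transactions and flags any disagreement. The following is an added illustration, not Bitcoin ABC code; the signature-type byte, the required bit value 0x40, and all transactions and blocks are constructed for the example, since the page does not name the actual bit.

```python
from dataclasses import dataclass
from typing import Callable, List, Tuple

# Hypothetical: the page does not say which bit was left unchecked.
REQUIRED_SIGHASH_BIT = 0x40


@dataclass(frozen=True)
class Tx:
    txid: str
    sighash_type: int   # the signature-type byte appended to the signature
    signature_ok: bool  # constructed: assume the cryptographic check already passed


def validate_old(tx: Tx) -> bool:
    """Reference rules: signature must verify AND the required sighash bit must be set."""
    return tx.signature_ok and bool(tx.sighash_type & REQUIRED_SIGHASH_BIT)


def validate_new_refactored(tx: Tx) -> bool:
    """Refactored rules that dropped the bit check, the kind of regression the article describes."""
    return tx.signature_ok


Validator = Callable[[Tx], bool]


def differential_check(txs: List[Tx], old: Validator, new: Validator) -> List[Tx]:
    """Return every tx on which the two validators disagree; any hit is a chain-split candidate."""
    return [tx for tx in txs if old(tx) != new(tx)]


def simulate_nodes(blocks: List[Tuple[str, str, List[Tx]]], old: Validator, new: Validator):
    """Feed (block_id, parent_id, txs) to an old-rules node and a new-rules node.
    Each node appends a block only if it builds on the node's tip and every tx passes."""
    old_chain, new_chain = ["genesis"], ["genesis"]
    for block_id, parent, txs in blocks:
        if old_chain[-1] == parent and all(old(t) for t in txs):
            old_chain.append(block_id)
        if new_chain[-1] == parent and all(new(t) for t in txs):
            new_chain.append(block_id)
    return old_chain, new_chain


# Constructed sample data: one ordinary tx and one crafted tx with the bit cleared.
NORMAL = Tx("normal", 0x41, True)
CRAFTED = Tx("crafted", 0x01, True)
SAMPLE_TXS = [NORMAL, CRAFTED, Tx("badsig", 0x41, False)]
SAMPLE_BLOCKS = [("b1", "genesis", [NORMAL]), ("b2", "b1", [NORMAL, CRAFTED]), ("b3", "b2", [NORMAL])]
```

Run as a pre-release gate, any non-empty result from differential_check blocks the release; simulate_nodes shows the old-rules node stopping at b1 while the new-rules node continues to b3.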

Timing plays a crucial role when weighing the potential impact of vulnerabilities like this one. If the blockchain splits with 99% of participants on one side and only 1% on the other, then siding with the majority is the obvious way forward. However, if about 50% of participants have upgraded to the new version, there is no easy choice.

I discovered this kind of chain-split vulnerability in a new version of Bitcoin Cash's most popular software, but only after nearly half of the network had already upgraded to it.

Vulnerability found

Since Bitcoin is free and open source software, it is often used as the starting point for new cryptocurrencies. Beyond inheriting years of improvements, sharing code also means that otherwise unrelated cryptocurrencies can benefit from each other's fixes. The primary software of Bitcoin Cash is called Bitcoin ABC, one of the projects derived from the Bitcoin Core wallet.

Because of the large amount of shared code, these derivative projects usually share the same vulnerabilities, and therefore the same fixes often apply to all of them. However, it is unrealistic to expect the developers of one currency to actively share their improvements with the developers of another, because keeping up with a single project is hard enough. For this reason, I have made a habit of checking these projects every few months for bug fixes that may also apply to the Bitcoin Core wallet.

When checking the Bitcoin ABC change log earlier this year, I noticed that a key part of transaction verification had been refactored. These changes immediately caught my attention because they seemed unnecessary. Curious, I looked at the public comments on the change. Apart from "encapsulation", no reason was given. The change had only two reviewers, and the code was accepted after a review lasting about a week.

Large-scale refactoring is very common and is usually good practice in software development. However, modifying the validation code of a cryptocurrency is extremely risky, and it is very easy to inadvertently introduce a chain-fork bug.

Seeing few comments and a large change, I suspected a bug might have slipped in, so I took a closer look. It took less than 10 minutes to find SIGHASH_BUG.

Anonymous disclosure

I mentioned above that my disclosure was anonymous. I want to explain why, because anonymity played an important role in this process.

After confirming that the vulnerability was exploitable, I set out to notify the developers of Bitcoin ABC (the full-node implementation of the Bitcoin Cash protocol), but soon realized I had a big problem. This was a vulnerability in publicly available open source software. Someone else may already have discovered it. Until a fix was fully deployed, nothing could stop others from finding and exploiting it.

So what would happen in the worst case? Suppose I disclosed the vulnerability privately under my own name, and the next day someone else found it and exploited it anonymously. Because I had disclosed under my name, there would be ample evidence that I had the knowledge and means to attack the Bitcoin Cash network, but I could not prove that I was not the attacker. And if the flaw were exploited, it could cause billions of dollars in losses, a sum far greater than what it would cost to have someone killed. So anonymity was very important, and I believe it was necessary for my safety.

While trying to work out whether a fully anonymous disclosure was even possible, I began to wonder whether it was worth the effort. After all, I was not obligated to report anything. However, if someone found an equally serious vulnerability in the Bitcoin Core wallet, I would very much hope that person would bring it to our attention in the most careful and safe way possible. So I decided to do just that: produce the kind of report I would want to read, written to the standard I would expect.

The first step was obvious: I needed to find Bitcoin ABC's responsible disclosure policy. Such policies are common these days and are a must for any security-critical project. Unfortunately, I could not find one on the Bitcoin ABC website or in its code base. The closest thing I found was an instruction to submit vulnerabilities to their GitHub issue tracker.

That was no help, though. Next, I tried to find publicly released encryption keys for the Bitcoin ABC developers. By encrypting a message to them, I could ensure that no one else could read it, so I would not have to worry about how the message was delivered. I could not actually verify the identity of the key holders, but this method is still reasonably secure and far better than no encryption at all.

However, I hit another obstacle. None of the developers' keys were listed on the public PGP key servers, where such keys are usually found, nor were they in the code repository. At that point I had no choice but to request a key anonymously through various online channels, using Tor to hide my identity as much as possible.

On April 25, I first created a throwaway GitHub account and sent a request to some of the Bitcoin ABC developers there.

Thankfully, this worked! About 5 hours later I received a key, and I quickly used it to encrypt and send a detailed disclosure of the problem. However, when I came back to check for a response the next day, GitHub had flagged my throwaway account, presumably because I was using Tor. So I could no longer make contact through GitHub, and I could only assume that no one had received my disclosure.

Now that I had the encryption key, I decided to try one last approach: I submitted an encrypted message to the Bitcoin ABC bug tracker, again using Tor and a throwaway account. After 6 hours with no response, I made a final request on their tracker.

On April 27, after about 48 hours of waiting, Bitcoin ABC opened a pull request that quietly fixed the problem. Evidently they had received my message. Success!

My thinking

The Bitcoin Cash vulnerability I discovered has been successfully disclosed and patched, and in the end it had no significant impact on Bitcoin Cash. However, it would be a pity if the wider cryptocurrency ecosystem did not take some lessons from the analysis of this vulnerability. As cryptocurrency developers, we need to take a step back now and re-evaluate the tools available to us, as well as the policies and procedures we follow. We may not be able to eliminate the threat posed by such vulnerabilities, but we can learn from them and be prepared to deal with them in the future.
