Back in April a serious bug was discovered in Bitcoin Cash, the controversial fork that claims to be the ‘real’ bitcoin. A developer anonymously sent a report to the team, and the issue was rectified before potentially billions of dollars worth of damage had been caused. Now, Cory Fields — a Bitcoin Core researcher — has written a blog stating that he discovered the bug and sent the report, and explaining why he did so anonymously.
‘A successful exploit of this vulnerability could have been so disruptive that transacting Bitcoin Cash safely would no longer be possible, completely undermining the utility (and thus the value) of the currency itself… In short, a portion of the transaction signature verification code was rewritten, but the new code omitted a critical check of a specific bit in the signature type. I refer to that bit in the disclosure as SIGHASH_BUG. This omission would have allowed a specially crafted transaction to split the Bitcoin Cash blockchain into two incompatible chains.’
This whole episode should be profoundly embarrassing to BCash, for several reasons. Firstly, their shills — especially Roger Ver — claim the protocol is technically superior to Bitcoin Core. In reality, without unsolicited help from a Bitcoin Core dev, it would quite possibly be worthless. Secondly, Bitcoin Cash changed just a small amount of code when they forked from Bitcoin Core, and yet they somehow managed to introduce a fatal bug into this altered code. Worse, the code review process was abysmal, as Fields writes:
‘I noticed that one of the most critical pieces of transaction validation had been refactored. The changes jumped out at me immediately because they seemed so unnecessary. Curious about the reasoning behind them, I took a look at the public review the changes had undergone. There was no justification other than “encapsulation,” it had only two reviewers, and review only lasted a week before the code was accepted… After seeing the minimal review the changes had undergone and the large number of lines changed, I thought it reasonably likely that a bug might have slipped in, and so I went looking. It took less than 10 minutes to find SIGHASH_BUG.’
Not only that, but Fields found it extremely difficult to report the bug at all, due to the lack of proper process or even contact details available. Days were wasted as he tried to contact the team. He explains his reasoning behind maintaining his anonymity throughout: should an attack have been carried out before the issue was fixed, costing users billions of dollars, he would fall under suspicion. People have been killed for far less.
This whole episode betrays a profound lack of professionalism at the heart of Bitcoin Cash. A lot of the crypto community are already extremely wary of BCash, due to the scammy marketing techniques and the attempted land-grab of the ‘Bitcoin’ brand. This bug and the process of fixing it suggests that incompetence should also be added to the list. If you want to entrust your money to the Bitcoin Cash network, Caveat Emptor.
Read Cory Fields’ blog post here.
Red hot news, scorching wit and searing opinion pieces from Crypto Inferno.
Join us onTelegram