This week the users of Bitcoin Cash were informed that a fault was detected in the software of the Bitcoin-ABc node. This fault could have provoked a non intentional bifurcation of the network. Since the fault was detected on time by an anonymous user, the development team created a patch to correct the fault and distributed it privately to the verified miners.
The information was published yesterday on the Bitcoin-ABC blog, the official website of the development team behind Bitcoin Cash. The statement says that an anonymous user detected the fault and this person still has not contacted the team to receive a reward in exchange for the discovery of the fault.
The detection of the fault was reported on April 26th. It was identified in the Bitcoin-ABC nodes that used the code version 0.17.0. The problem was addressed discreetly in just over a week and it was done silently probably because the team did not want to provoke any hacker attacks before the problem was solved. The blog post explains that it was easy to exploit the vulnerability: “Bitcoin ABC 0.17.1 fixes this problem. On 26APR2018 Bitcoin-ABC developers were notified by unknown person(s) of the vulnerability. If exploited the flaw would have caused an unintended split in the Bitcoin Cash network.
An attacker may construct a malicious transaction which would be accepted by Bitcoin-ABC 0.17.0 and mined into a block. This block would be rejected by all other versions of Bitcoin Cash compliant implementations. The malicious transaction would contain the bitflag of 0x20 set in the signature hash type.
After analysis of the vulnerability and possible responses, Bitcoin-ABC developers prepared a patch for the vulnerability, and a private release, to distribute directly to mining pool operators. Due to the decentralized nature of the mining community it was not possible to reach everyone directly. This release was provided to verified Bitcoin Cash miners to forward to trusted miners once they had upgraded.
We advise any Bitcoin ABC 0.17.0 users to upgrade to the latest version as soon as possible.
Bitcoin ABC will be taking several actions in order to prevent such an event from occuring again, as well as reduce the overall response time in the case of emergent issues in the future.
Additionally, Bitcoin ABC is in discussions with industry participants to establish a formal bug bounty system.”
It seems that other nodes would also be affected by this vulnerability, despite the fact that only the Bitcoin-ABC and BUCash nodes were analyzed.
The Bitcoin Cash development team plans on creating a reward system to urge and motivate the users to actively participate in the detection of the faults in the Bitcoin Cash blockchain network and thus improve its functioning.