Inflation Bug Still a Danger to More Than Half of All Bitcoin Full Nodes

Eight months after the discovery of the inflation bug, more than half of the full nodes on the bitcoin network are still running client versions susceptible to the vulnerability.

Figures published by bitcoin core developer Luke Dashjr show that more than half of the full nodes in the bitcoin network are still running client software vulnerable to the inflation bug discovered in September 2018.

This revelation poses some danger to the network, as software vulnerabilities are a clear and present danger to the fidelity of bitcoin (BTC). Now that the top-ranked cryptocurrency is in the midst of a positive price run, it is perhaps important that steps are taken to eradicate the inflation bug problem for good.

Most bitcoin full nodes still vulnerable to the inflation bug

As reported by Cointelegraph on May 8, research by Dashjr shows that more than 50% of full nodes on the bitcoin network are still running software versions of the bitcoin client that are susceptible to the inflation bug.

Since then, however, the figure has fallen slightly, from about 60% to 54%. This means that, in the last few days, some full nodes have upgraded to a more recent version of the client software.

Back in September 2018, developers first discovered the inflation bug, which, in theory, could allow miners to inflate the total bitcoin supply beyond the 21 million BTC limit by spending the same unspent transaction output (UTXO) multiple times in the same transaction.

Given the nature of the bug, the developers kept it a secret, quietly releasing a new version of the client. An excerpt from the September 2018 common vulnerabilities and exposures (CVE) report released by Bitcoincore.org reads:

“In order to encourage rapid upgrades, the decision was made to immediately patch and disclose the less serious Denial of Service vulnerability, concurrently with reaching out to miners, businesses, and other affected systems while delaying publication of the full issue to give times for systems to upgrade. On September 20th a post in a public forum reported the full impact and although it was quickly retracted the claim was further circulated.”

One key takeaway from Dashjr’s analysis is the total number of full nodes on the bitcoin network. Most bitcoin literature sources put the number of full nodes at somewhere approaching 10,000.

However, Dashjr opines that this number is closer to 100,000 and that the reason for this discrepancy lies in the fact that many sources only account for nodes actively listening on the network.

Called listening nodes, these full nodes have open port connections that can be probed. However, not all full-nodes are listening nodes; some, hidden behind firewalls or configured to not actively listen for new connections, don’t have easily discoverable open port connections.

The severity of the inflation bug

To understand the severity of the inflation bug, it is important to know the mechanism by which the problem could be exploited. This requires a brief explanation of the double-spend attack, the inflation bug itself and the problems that could arise if it is left unchecked.

Bitcoin’s early success owes much to the brilliant solution that Satoshi Nakamoto, the creator of bitcoin, devised for the double-spending problem, which had prevented the successful deployment and implementation of prior virtual currency systems.

By creating an immutable ledger with nodes validating transactions, it became almost theoretically impossible to spend the same UTXO in two different transactions.

However, what happens when, instead of spending the UTXO in two different transactions, a malicious actor tries to use one transaction to spend UTXO multiple times? Because of the way bitcoin is engineered to work, this action would mean creating new coins virtually out of thin air, thus inflating the total supply — ergo, the inflation bug.

Several successive updates to the bitcoin software have tried to improve the blockchain’s immunity to the first type of double-spend attack. However, by the Core 0.14.x version of the bitcoin software client, developers began to notice there was a possibility of a distributed denial of service (DDoS) vulnerability in the software client.

The bug allowed a malicious attacker to crash nodes running the 0.14.x software version by attempting to spend the same UTXO twice. In this iteration of the bug, the objective would have been to crash as many nodes as possible and not necessarily inflate the total bitcoin supply.

In trying to fix the problem, the next released update, 0.15.0, included features that inadvertently allowed a malicious attacker to double spend the same UTXO in one transaction. Instead of causing a system crash, this new bug caused older software clients to recognize such double-spend transactions as valid.
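The check at issue can be shown with a toy UTXO-set validator. This is an added example, not code from the article or from Bitcoin Core; the names `OutPoint`, `Tx`, `apply_tx` and the sample transaction are hypothetical and constructed for illustration.

```python
from collections import namedtuple

# Toy model, not Bitcoin Core code. An outpoint names one unspent output.
OutPoint = namedtuple("OutPoint", "txid index")
Tx = namedtuple("Tx", "txid inputs outputs")  # inputs: [OutPoint], outputs: [amounts]


class ValidationError(Exception):
    pass


def apply_tx(utxos, tx, check_duplicates=True):
    """Validate tx against the UTXO set and return the updated set.

    check_duplicates=False models a validator that omits the duplicate-input check.
    """
    if check_duplicates and len(set(tx.inputs)) != len(tx.inputs):
        raise ValidationError("duplicate input")
    value_in = 0
    for op in tx.inputs:
        if op not in utxos:
            raise ValidationError("missing or already spent input")
        value_in += utxos[op]  # a repeated outpoint is counted a second time here
    if sum(tx.outputs) > value_in:
        raise ValidationError("outputs exceed inputs")
    spent = set(tx.inputs)
    updated = {op: v for op, v in utxos.items() if op not in spent}
    for i, value in enumerate(tx.outputs):
        updated[OutPoint(tx.txid, i)] = value
    return updated


def total_supply(utxos):
    return sum(utxos.values())


def demo():
    # Constructed sample data: one 50-unit output named twice in one transaction.
    coin = OutPoint("constructed-funding-tx", 0)
    utxos = {coin: 50}
    tx = Tx("constructed-spend-tx", [coin, coin], [100])
    inflated = total_supply(apply_tx(utxos, tx, check_duplicates=False))
    try:
        apply_tx(utxos, tx)
        rejected = False
    except ValidationError:
        rejected = True
    return total_supply(utxos), inflated, rejected


if __name__ == "__main__":
    print(demo())
```

Without the duplicate check, the "outputs exceed inputs" test passes because the same output is summed twice, so the supply in the model grows; with the check, the transaction is rejected before any value is counted.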

Upon discovery, developers again released a new version of software before announcing it to the wider cryptocurrency community. However, several months after the issue ought to have been solved, it appears that more than half the full nodes on the network are still running client implementations vulnerable to the bug.

Cointelegraph spoke with Dashjr about the implication of the inflation bug, to which the bitcoin developer replied:

“The inflation bug is in practice a network-wide risk. It would allow a 51% miner attack to cause inflation (something such attacks can't normally do). The inflationary chain would only be accepted by vulnerable nodes and light wallets.”

Expanding further on the dangers posed by the bug, Dashjr went on to say:

“It makes what was thought to be a full node, actually just a light wallet in that one respect. If more than a small minority use light wallets, miners get to make up the rules.”

All nodes have to do is upgrade

Whenever developers discover a bug of this nature, the solution is always to get nodes to upgrade to a newer version of software that hopefully has features that eliminate the problem. Sometimes, this process may lead to the emergence of another problem — as seen in 2018, when solving the DDoS bug caused the inflation bug to manifest.

When asked by Cointelegraph what should be done about the situation, Dashjr’s answer was simple and straight to the point:

“Everyone upgrading to a fixed full node.”

While this process is ongoing, does the bitcoin network face any credible risk stemming from the fact that half of the full nodes are vulnerable to the inflation bug? The answer to the question might lie in who really holds the true power in the network: miners or developers?

In 2018, bitcoin developer Jimmy Song expressed the view that rogue miners trying to take advantage of the inflation bug would find it nearly impossible to succeed. For one, Song said that not every full node runs the bitcoin core client; a large number prefer to deploy custom iterations of the bitcoin client.

The fact that some nodes do not run the core client already diminishes the attack because such nodes will reject the block containing the inflated UTXOs. If a significant number of miners reject the tainted block, then a chain split likely occurs.

Back in 2010, during the “value overflow incident” discovered in block 74,638, developers published a new update to the client in less than five hours, solving the problem. The block in question contained a transaction that created about 184 billion BTC for three addresses, with two addresses receiving 92.2 billion BTC and the miner responsible for solving the block getting 0.01 BTC.

The discrepancy only lasted for the next 53 blocks, and by block height 74,691, all traces of the value overflow no longer existed on the network. Nodes that initially accepted the side of the chain split with the tainted block soon began to revert to the side that didn’t contain the inflated block.

The same applies to the inflation bug: Once the split occurs, developers and others on the network would begin to notice, as Song explained in this excerpt of his blog post, which reads:

“Because of these irregularities, people on the network would soon have tracked this down, probably have alerted some developers and the core developers would have fixed it. If there was a fork, the social consensus at that point about which is the right chain would start getting discussed and the chain creating unexpected inflation would have likely lost out. If there was a stall, there likely would have been a voluntary rollback to punish the attacker.”

For Song, given the economics of the attack, it is unlikely that rogue miners would want to employ such a tactic. However, the bitcoin educator said that hackers working for countries with anti-bitcoin sentiments could exploit the bug to destroy the network.