BU Critical Bug ‘Damage Would Have Been in the Millions’ During Fork

As attackers exploited a bug that crashed 50% of Bitcoin Unlimited nodes Tuesday, the industry reacted saying its developers had a lucky financial escape.

BU ‘Vulnerability’ Bug

The attack occurred around half an hour after Bitcoin Unlimited was uploaded to GitHub, with nodes completely shutting down to the point where over half the network was no longer operating.

As BU’s main proponent Roger Ver tried to salvage the situation, users reacted harshly; Ver had launched his own dedicated BU mining pool only a week earlier.

“Normally, in Bitcoin Unlimited when we find a Core bug we just fix it and move on,” he tweeted quoting a blog post from developer Andrew Stone.

"Normally, in Bitcoin Unlimited when we find a Core bug we just fix it and move on" https://t.co/cqQaIm5FZJ — Roger Ver (@rogerkver) March 14, 2017

Entrepreneur Andrew Milne meanwhile commented that had BU been its own altcoin, something mooted as a possibility in the event of a Bitcoin hard fork, the value of coins “would have dropped 50-70%.”

IMO, the value of Bitcoin Unlimited coins ($BTU) would have dropped 50-70% yesterday, probably recovering half of that when patched — Alistair Milne (@alistairmilne) March 15, 2017

2 Critical Bugs Still At Large?

One node operator described the bug as “plain incompetence” and questioned the possibility of further bugs occurring, something which rumors from Core developers later supported.

“Based on what [Gregory Maxwell] said and what some people are whispering. 2 other critical bugs in BU yet to be fixed,” a Twitter response to Core developer Peter Todd’s reaction reads.

Todd had taken to social media to remove himself from suspicion surrounding the attack, stating he “had nothing to do with” what happened.

@petertoddbtc based on what gmaxwell said and what some people are whispering. 2 other critical bugs in BU yet to be fixed. Jeezus. — Avatar X (@AvatarX) March 15, 2017

Further reactions were predictable in light of the bitter debate between BU and Core supporters, which has now dragged on for almost two years.

More rumors were accompanied by criticism of BU developers from prominent cryptocurrency figures, with Litecoin creator Charlie Lee reproducing alleged evidence that Stone’s vulnerability overview was not mathematically sound.

“We have… chosen to follow responsible disclosure procedures even though so far the negative effects of this attack have been minimal,” Stone also wrote in an initial statement about the problem.

He asked the community to “limit the communication of this issue to miners, Bitcoin enterprises, and client developers until patches are available and upgrades complete.”

Not The First Time, Not The Last?

Containment measures, which involved a four-hour ban for any node exhibiting suspicious behavior, meanwhile appear to be semi-successful, with node numbers having risen from a low of 410 to 543.

Bitcoin Core node numbers jumped considerably at the same time.

The latest fiasco is in fact the second BU bug, Stone having previously told Bitcoinist in January how a previous setback “was caused by a miscounting of the bytes in the coinbase.”

Ever level-headed, Andreas Antonopoulos surmised that “individual incompetence” was not to blame for BU’s misfortunes.

“It’s about a process with diverse and laborious review, which catches bugs before production,” he said, while stressing that there was little economic impact this time before a potential hard fork.

“During a fork, the damage would have been in the millions,” Antonopoulos noted. “QA [quality assurance] matters.”

BU has shipped an exploitable bug on a code base that is 0.001 of the size of Core's. That's several orders of magnitude worse QA process — Andreas (@aantonop) March 15, 2017
