Bit money appears serious flaw!

The near future, development staff discovers to there is an unusually serious flaw in Bitcoin Core software, this makes developer be in a Zhousan released a flaw to revamp plan -- end of client of 0.16.3 version Bitcoin Core.

It is reported, this one flaw is belonged to reject to serve type flaw, if be used, aggressor can be used at atttacking node, at worst, it can cause bit money network to break down temporarily.

However, not be the capacity that everybody has benefit to use this one loophole, have the collier that those run the hardware that dig mine and network of processing bit money trades only, the means that ability trades through double flower quite will exploit this one loophole.

Bit money appears serious flaw!

And to them character, carry out such attack, mean them to be able to lose area piece award, according to computation of today's bit money exchange rate, these award (12.5BTC) overbalance 75000 dollars.

It is reported, of this flaw introduce first, the issuance that client of version of restrospect to Bitcoin Core 0.14.0 carries, time place is in March 2017 portion. But this one flaw is discovered in nearly two talents, this makes the contributor of Core code library take urgent action, issue the repair order that passes a test finally inside 24 hours.

Fortunately, user of money of most now bit does not need to do anything.

Development staff emphasizes saying, user " memory " bit money does not have what risk, however, this one flaw may affect the person of those use lightning networks.

Nevertheless, because this flaw is right,bit money network has potential risk, the user that development staff suggests strongly to run complete node currently upgrades as soon as possible their software, money of Gong Di bit child forum administrator Theymos also buy carried a announcements about this flaw on the head.

Bitcoin Core developer describes in part of software patch annotate:

"All participator that we urge a network upgrade as soon as possible new software. "All participator that we urge a network upgrade as soon as possible new software..

Can affect lightning network

Laisili Lambert ever said famous computer scientist:

"To distributed system, among them a computer that you do not know to exist even appeared breakdown, cause your computer possibly to cannot be used. Cause your computer possibly to cannot be used..

And be in current below this kind of special situation, make the collier that blemish trades, may affect the node that moves on the network. Place of OpTech Newsletter of money of bit of no less than points out in that way, the collier wants to atttack bit money node, go trying double flower with respect to need money of a few bit.

And impact of this one flaw is the biggest, will be to use the bit money that those have not prepare to bind a technology (lightning network) user. If somebody carries out such attack, may affect in advocate the bit money user that lightning network runs on the net.

"If you are running lightning network harum-scarum, you should update a client to carry as soon as possible, perhaps shut your passageway, fortunately, updating is very easy, " Blockstream engineer Gregory Sanders is urged on Gong Di forum say.

What attention needs here is, if baleful collier exploited this loophole, the node that causes an user breaks down, so baleful participator may use this opportunity to cheat user of other lightning network.

Even if is such, a few developer think, want to accomplish these attack, it is very difficult actually.

"I think it is unlikely to produce very big effect, " developer Justin Camarena tells CoinDesk.

Why do this have some of person to think namely, average user does not need to worry about this one problem.

"Unless you ran a business, perhaps ran lightning network node, otherwise you can not have capital risk, " complement says Sanders later.

Judge its to affect hard

However, below the historical setting of bit money, this one flaw has how old sense after all, still make clear hard at present.

Antoine Le Calvez of Blockchain.info data engineer listed a past years comes the detailed list of similar loophole, show these flaw are in the inchoate level of bit money is more common.

But the contributor Luke Dashjr of Bitcoin Core is however to this response, he thinks to flaw won't follow time elapse possibly in that way to what data shows and decrease.

"Lamentable is, what I think in recent years we are lacked is flaw exposure job, is not fewer development work, " he says.

Meanwhile, someone else also reached from inside this one flaw other conclusion, namely " bit money programmer also is laic, they also can err " .

The chief developer Chris Pacia of OpenBazaar thinks even, although a lot of users think bit money developer is the strongest developer group on the world, but this also just proved, they also are the common developer that can encounter an obstacle actually.

"Mistake happening, total meeting has such thing in the life, " Chris Pacia is being pushed go up especially express, "I am not critically because of this flaw them, what I criticize is those holding to Core developer is ' sacred ' extremely goofy brief creed person. What I criticize is those holding to Core developer is ' sacred ' extremely goofy brief creed person..

Nevertheless, camarena thinks, because the nuance of this one flaw and attack carry out difficulty, so people can try such charge not quite.

He tells a reporter:

"This is a serious flaw, but that kind of how terrible that does not think like certain person. But that kind of how terrible that does not think like certain person..

Add: Replace a method

If you move, is end of old version client, shut it please, till its are shut completely (the time that old version may need a few minutes) , run installation program again next (go up in Windows) or the copy is enclothed to / Applications/Bitcoin-Qt (Mac system) or Bitcoind/bitcoin-qt (Linux system) .

Move for the first time when you 0.15.0 or when the client that replaces edition is carried, your catenary condition database becomes changeover a kind of new form, this depends on the speed of your machine, spends time varies to half hours from a few minutes.

Attention, format of area piece database also produced change in 0.8.0 version, and the client before 0.8 version is carried be carried to the client of 0.15.0 version and did not upgrade automatically code. In the client end of 0.7.x version or earlier version, cannot come true to upgrade directly (need downloads area piece catenary afresh) . Nevertheless, same as usual is, the purse of old version remains support.

未经允许不得转载:News » Bit money appears serious flaw!