May 18, 2026


CVE-2018-17144 Full Disclosure


CVE-2018-17144, a fix for which was released on September 18th in Bitcoin Core versions 0.16.3 and 0.17.0rc4, includes both a Denial of Service component and a critical inflation vulnerability. It was originally reported to several developers working on Bitcoin Core, as well as projects supporting other cryptocurrencies, including ABC and Unlimited, on September 17th as a Denial of Service bug only; however, we quickly determined that the issue was also an inflation vulnerability with the same root cause and fix.

In order to encourage rapid upgrades, the decision was made to immediately patch and disclose the less serious Denial of Service vulnerability, concurrently with reaching out to miners, businesses, and other affected systems, while delaying publication of the full issue to give time for systems to upgrade. On September 20th a post in a public forum reported the full impact and, although it was quickly retracted, the claim was further circulated.

At this time we believe over half of the Bitcoin hashrate has upgraded to patched nodes. We are unaware of any attempts to exploit this vulnerability.

However, it still remains critical that affected users upgrade and apply the latest patches to ensure no possibility of large reorganizations, mining of invalid blocks, or acceptance of invalid transactions occurs.

In Bitcoin Core 0.14, an optimization was added (Bitcoin Core PR #9049) which avoided a costly check during initial pre-relay block validation that multiple inputs within a single transaction did not spend the same input twice, a check which was added in 2012 (PR #443). While the UTXO-updating logic has sufficient knowledge to check that such a condition is not violated, in 0.14 it only did so in a sanity check assertion and not with full error handling (it did, however, fully handle this case twice in versions prior to 0.8).

Thus, in Bitcoin Core 0.14.X, any attempt to double-spend a transaction output within a single transaction inside of a block will result in an assertion failure and a crash, as was originally reported.

In Bitcoin Core 0.15, as a part of a larger redesign to simplify unspent transaction output tracking and correct a resource exhaustion attack, the assertion was changed subtly. Instead of asserting that the output being marked spent was previously unspent, it only asserts that it exists.

Thus, in Bitcoin Core 0.15.X, 0.16.0, 0.16.1, and 0.16.2, any attempt to double-spend a transaction output within a single transaction inside of a block, where the output being spent was created in the same block, will trigger the same assertion failure (as exists in the test case which was included in the 0.16.3 patch). However, if the output being double-spent was created in a previous block, an entry will still remain in the CCoin map with the DIRTY flag set and having been marked as spent, resulting in no such assertion. This could allow a miner to inflate the supply of bitcoin, as they would then be able to claim the value being spent twice.
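The difference between the two assertion conditions, and why an explicit duplicate-input check with error handling closes the gap, can be seen in a small model. This is an added example, not Bitcoin Core's code: the types, function names, sample data and the treatment of same-block outputs as dropped from the cache on spend are simplifying assumptions. `WasUnspent` stands for the 0.14-style condition and `ExistsOnly` for the condition described for 0.15 onward.

```cpp
#include <cstdint>
#include <map>
#include <set>
#include <string>
#include <utility>
#include <vector>

// Simplified model for illustration; all names are assumptions, not Bitcoin Core code.
using OutPoint = std::pair<std::string, std::uint32_t>;  // (txid, output index)
struct CacheEntry { std::int64_t value; bool spent; bool dirty; bool same_block; };
using CoinsCache = std::map<OutPoint, CacheEntry>;

// Explicit check with real error handling: false lets the caller reject the block.
bool InputsAreUnique(const std::vector<OutPoint>& inputs) {
    std::set<OutPoint> seen;
    for (const OutPoint& in : inputs)
        if (!seen.insert(in).second) return false;  // outpoint listed twice
    return true;
}

enum class Sanity { WasUnspent, ExistsOnly };

// Spend each input in order and count spends that violate the sanity condition.
// Assumption: a same-block output is dropped on spend; an older one stays, marked spent.
int CountSanityViolations(CoinsCache cache, const std::vector<OutPoint>& inputs,
                          Sanity mode) {
    int violations = 0;
    for (const OutPoint& in : inputs) {
        auto it = cache.find(in);
        bool ok = it != cache.end() &&
                  (mode == Sanity::ExistsOnly || !it->second.spent);
        if (!ok) { ++violations; continue; }
        if (it->second.same_block) { cache.erase(it); continue; }
        it->second.spent = true;
        it->second.dirty = true;
    }
    return violations;
}

// Constructed sample data: one output referenced twice by the same transaction.
const OutPoint kPrev{"constructed-txid", 0};
CoinsCache SampleCache(bool same_block) { return {{kPrev, {5000, false, false, same_block}}}; }
std::vector<OutPoint> DuplicateInputs() { return {kPrev, kPrev}; }

int main() {
    // Only the earlier-block output under ExistsOnly slips past the sanity condition.
    int missed = CountSanityViolations(SampleCache(false), DuplicateInputs(), Sanity::ExistsOnly);
    return (missed == 0 && !InputsAreUnique(DuplicateInputs())) ? 0 : 1;
}
```

In the model, three of the four combinations flag the second spend; only the earlier-block output under `ExistsOnly` reports no violation, which is the case the uniqueness check has to catch.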

Timeline for September 17, 2018: (all times UTC)

  • 14:57 anonymous reporter reports crash bug to: Pieter Wuille, Greg Maxwell, Wladimir Van Der Laan of Bitcoin Core, deadalnix of Bitcoin ABC, and sickpig of Bitcoin Unlimited.
  • 15:15 Greg Maxwell shares the original report with Cory Fields, Suhas Daftuar, Alex Morcos and Matt Corallo
  • 17:47 Matt Corallo identifies inflation bug
  • 19:15 Matt Corallo first tries to reach slushpool CEO to have a line of communication open to apply a patch quickly
  • 19:29 Greg Maxwell timestamps the hash of a test-case which demonstrates the inflation vulnerability (a47344b7dceddff6c6cc1c7e97f1588d99e6dba706011b6ccc2e615b88fe4350)
  • 20:15 John Newbery and James O’Beirne are informed of the vulnerability so they can assist in alerting companies to a pending patch for a DoS vulnerability
  • 20:30 Matt Corallo speaks with slushpool CTO and CEO and shares patch with disclosure of the Denial of Service
  • 20:48 slushpool confirmed upgraded
  • 21:08 Alert was sent to Bitcoin ABC that a patch will be posted publicly by 22:00
  • 21:30 (approx) Responded to original reporter with an acknowledgment
  • 21:57 Bitcoin Core PR 14247 published with patch and test demonstrating the Denial of Service bug
  • 21:58 Bitcoin ABC publishes their patch
  • 22:07 Advisory email with link to Bitcoin Core PR and patch goes out to Optech members, among others
  • 23:21 Bitcoin Core version 0.17.0rc4 tagged

September 18, 2018:

  • 00:24 Bitcoin Core version 0.16.3 tagged
  • 20:44 Bitcoin Core release binaries and release announcements were available
  • 21:47 Bitcointalk and reddit have public banners urging people to upgrade

September 19, 2018:

  • 14:06 The mailing list distributes an additional message urging people to upgrade by Pieter Wuille

September 20, 2018:

  • 19:50 David Jaenson independently discovered the vulnerability, and it was reported to the Bitcoin Core security contact email.

Published at Thu, 20 Sep 2018 04:00:00 +0000


White Hats Step In to Save Funds from Vulnerable Ether Wallets


At 11:30 a.m. (CDT) on July 19, 2017, a hacker managed to steal 153,000 ETH (approximately $32 million at the time) from three Ethereum wallets by exploiting a vulnerability within the wallets’ multi-signature verification. The affected wallets include the ones using Parity client version 1.5 or later.

According to a tweet by Project Lead Manuel Aráoz, the three multisig wallets first targeted by the hack were using Parity client version 1.5 or later, and included Edgeless Casino, Swarm City and Æternity Blockchain. However, Project Blocktix also reported a loss totaling 3,916 ETH. According to ETHNews, Blocktix.io was hit by a second attacker who exploited the same vulnerability.

A Swarm City blog post revealed that a group of white hat hackers managed to secure the remaining funds from the affected ETH wallets using the same exploit. The swift response of the white hat hackers allowed them to secure the funds of other vulnerable projects. Unfortunately, funds in the wallets of Edgeless Casino, Swarm City and Æternity Blockchain are completely lost, though the “white hat response team” managed to secure 6,272 of 10,188 ETH at Blocktix.io.

The White Hat Group announced on Reddit that they will create “another multisig for you [the affected users] that has the same settings as your [the users’] old multisig but with the vulnerability removed and we will return your [the users’] funds to you [the users].” The response team warned the Reddit community to be careful with donation addresses below their post since there are “a lot of phishers in the community right now.”

On July 19, Parity Technologies published a critical security alert stating there was a vulnerability connected to Parity Wallets. The users affected by the vulnerability included “any user with assets in a multi-sig wallet created in Parity Wallet prior to 19/07/17 23:14:56 CEST.” The company urged users to move all assets from the multisig wallets to a secure address. Wallets seemingly unaffected by the breach include Geth, MyEtherWallet and single-user accounts created on Parity.

Parity updated its post as of today stating that future versions of their multisig wallets are secure:

“Future multi-sig wallets created by versions of Parity are secure (Fix in the code is https://github.com/paritytech/parity/pull/6103 and the newly registered code is https://etherscan.io/tx/0x5f0846ccef8946d47f85715b7eea8fb69d3a9b9ef2d2b8abcf83983fb8d94f5f).”

Swarm City also posted information for users affected by the hack:

“If you do have funds in the multisig contract: carefully move your funds to a new account ASAP. If your funds are no longer in your multisig, please check the Black hat and White hat addresses. They might have been saved by the White hat group.”

To check on funds held by either the black hat or the white hat hackers, see the ETH addresses below:

White Hat Group’s wallet: 0x1DBA1131000664b884A1Ba238464159892252D3a
First hacker’s wallet: 0xB3764761E297D6f121e79C32A65829Cd1dDb4D32
Second attacker’s wallet: 0x1Ff21eCa1c3ba96ed53783aB9C92FfbF77862584

The hacks have not only affected the wallets of the victims but also the overall price of ether. According to Coin Market Cap’s stats, the price experienced a 15 percent drop from $234.94 (at 0:04, July 19) to $199.70 at the end of the day. However, ETH has since recovered to around $227 today.

The post White Hats Step In to Save Funds from Vulnerable Ether Wallets appeared first on Bitcoin Magazine.