Bitcoin Forum
Author Topic: Bitcoin Unlimited Remote Exploit Crash  (Read 752 times)
Hydrogen
March 15, 2017, 04:50:28 AM
 #1

Quote
This is essentially a remote crash vulnerability in BTU. Most versions of Bitcoin Unlimited (and Classic on a quick check) have this bug. With a crafted XTHIN request, any node running XTHIN can be remotely crashed. If Bitcoin Unlimited was a predominant client, this is a vulnerability that would have left the entire network open to being crashed. Almost all Bitcoin Unlimited nodes live now have this bug.

To be explicitly clear, just by making a request on the peer-to-peer network, this could be used to crash any XTHIN node with this bug. Any business could have been shut down mid-transaction, an exchange in the middle of a high volume trading period, a miner in the course of operating could be attacked in this manner. The network could have in total been brought down. Major businesses could have been brought grinding to a halt.
How many bugs, screw ups, and irrational arguments do people have to see before they realize how unsafe BTU is? If you run a Bitcoin Unlimited node, shut it down now. If you don't, you present a threat to the network.

EDIT: Here is the line in main.cpp requiring asserts be active for a live build. This was incorrectly claimed to only apply to debug builds. This is being added simply to clarify that is not the case. (Please do not flame the person who claimed this, he admitted he was in the wrong. He stated something he believed was correct and did not continue insisting it was so when presented with evidence. Be civil with those who interact with you in a civil way.)

https://www.reddit.com/r/Bitcoin/comments/5zdkv3/bitcoin_unlimited_remote_exploit_crash/

Doesn't look good for bitcoin unlimited.

Imagine what would have happened if this exploit had been released later & if all the BU supporters could have moved their bitcoin to BU.

All their btc would be worthless now.
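
Added example, not part of the thread and not Bitcoin Unlimited's code: the failure class described in the first post is an `assert()` on peer-supplied data in a build where asserts stay active. The request layout, limits, scoring values and all names below are hypothetical; the block contrasts the assert-based handler with one that rejects the malformed request and penalizes the peer.

```cpp
// Added illustration. The request layout, limits and names are hypothetical,
// not Bitcoin Unlimited's XTHIN code.
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <vector>

enum class Verdict { Served, Rejected };

struct PeerRequest {             // constructed stand-in for a P2P request
    uint32_t kind;               // peer-controlled
    std::vector<uint8_t> body;   // peer-controlled
};
struct Peer { int misbehavior = 0; bool banned = false; };

constexpr uint32_t KIND_A = 1, KIND_B = 2;
constexpr std::size_t MAX_BODY = 64;
constexpr int PENALTY = 50, BAN_THRESHOLD = 100;

// Fragile: an invariant over untrusted input enforced with assert().
// In a build that keeps asserts, one malformed request aborts the node.
Verdict handle_fragile(const PeerRequest& r) {
    assert(r.kind == KIND_A || r.kind == KIND_B);
    assert(r.body.size() <= MAX_BODY);
    return Verdict::Served;
}

// Hardened: malformed input is an expected event. Reject it, score the
// peer, and keep serving everyone else.
Verdict handle_hardened(Peer& p, const PeerRequest& r) {
    if (p.banned) return Verdict::Rejected;
    const bool ok = (r.kind == KIND_A || r.kind == KIND_B) &&
                    r.body.size() <= MAX_BODY;
    if (!ok) {
        p.misbehavior += PENALTY;
        if (p.misbehavior >= BAN_THRESHOLD) p.banned = true;
        return Verdict::Rejected;
    }
    return Verdict::Served;
}

int main() {
    Peer p;
    PeerRequest bad{99, {}};     // constructed malformed request
    handle_hardened(p, bad);     // rejected, process keeps running
    return p.misbehavior == PENALTY ? 0 : 1;
}
```

Asserts remain useful for invariants the program itself controls; anything derived from a network message belongs on the validated path.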




GreenBits
March 15, 2017, 05:07:29 AM
 #2

Quote
This is essentially a remote crash vulnerability in BTU. Most versions of Bitcoin Unlimited (and Classic on a quick check) have this bug. With a crafted XTHIN request, any node running XTHIN can be remotely crashed. If Bitcoin Unlimited was a predominant client, this is a vulnerability that would have left the entire network open to being crashed. Almost all Bitcoin Unlimited nodes live now have this bug.

To be explicitly clear, just by making a request on the peer-to-peer network, this could be used to crash any XTHIN node with this bug. Any business could have been shut down mid-transaction, an exchange in the middle of a high volume trading period, a miner in the course of operating could be attacked in this manner. The network could have in total been brought down. Major businesses could have been brought grinding to a halt.
How many bugs, screw ups, and irrational arguments do people have to see before they realize how unsafe BTU is? If you run a Bitcoin Unlimited node, shut it down now. If you don't, you present a threat to the network.

EDIT: Here is the line in main.cpp requiring asserts be active for a live build. This was incorrectly claimed to only apply to debug builds. This is being added simply to clarify that is not the case. (Please do not flame the person who claimed this, he admitted he was in the wrong. He stated something he believed was correct and did not continue insisting it was so when presented with evidence. Be civil with those who interact with you in a civil way.)

https://www.reddit.com/r/Bitcoin/comments/5zdkv3/bitcoin_unlimited_remote_exploit_crash/

Doesn't look good for bitcoin unlimited.

Imagine what would have happened if this exploit had been released later & if all the BU supporters could have moved their bitcoin to BU.

All their btc would be worthless now.





This was/is hilarious, but it was much asshole to release this in a public forum, ESP Reddit, which has heaps more exposure than here. They had a field day with this, nodes started going down left and right as people started to test this exploit for themselves (and you know someone was like 'let me make a script!' because people spend time and energy on the damndest shit).

But, this is pretty shitshowian, I guess it's for the best this came out like this, instead of an actual malicious attack with no preamble.
ebliever
March 15, 2017, 05:37:55 AM
 #3


All their btc would be worthless now.


Worse than that, if they forked and drove Core into the ground (not likely), all OUR bitcoin would be worthless too. That's what gets me, the arrogance combined with the incompetence.

Luke 12:15-21

Ephesians 2:8-9
Foxpup
March 15, 2017, 05:47:17 AM
 #4

This was/is hilarious, but it was much asshole to release this in a public forum, ESP Reddit, which has heaps more exposure than here.
It was the BU devs who first publicly announced the bug on GitHub instead of quietly fixing it. While they are generally assholes, this particular action is in the stupid, not asshole, category (the asshole behaviour came later when they blamed Core for the whole mess).

Will pretend to do unspeakable things (while actually eating a taco) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4
franky1
March 15, 2017, 07:01:48 AM
 #5


All their btc would be worthless now.


Worse than that, if they forked and drove Core into the ground (not likely), all OUR bitcoin would be worthless too. That's what gets me, the arrogance combined with the incompetence.

taking down a node does not destroy coins.
private keys are protected

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
dinofelis
March 15, 2017, 07:03:44 AM
 #6

All their btc would be worthless now.

Can you explain the logical link between software crashing, and coins being worthless ?
If they had an exploit that could send unwarranted transactions, THAT would be fun.  But just crashing the node, what does that do ?  If the operating system on which the node runs, crashes, or the computer has a power failure, are coins worthless too ?
franky1
March 15, 2017, 07:18:54 AM
 #7

All their btc would be worthless now.

Can you explain the logical link between software crashing, and coins being worthless ?
If they had an exploit that could send unwarranted transactions, THAT would be fun.  But just crashing the node, what does that do ?  If the operating system on which the node runs, crashes, or the computer has a power failure, are coins worthless too ?

nope just copy and paste your private key/seed into an updated client that does not have the bug.
diversity is good.

but imagine if the network was running only core nodes. nothing else was allowed. then you're stuck (not destroyed) just stuck waiting

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
Foxpup
March 15, 2017, 07:25:52 AM
 #8

All their btc would be worthless now.

Can you explain the logical link between software crashing, and coins being worthless ?
The value of Bitcoin lies solely in its usefulness for financial transactions. If a node run by a business crashes, they cannot send or receive transactions until it is fixed. If this happens to many businesses simultaneously (or even just a few large ones), the currency as a whole becomes useless.

Will pretend to do unspeakable things (while actually eating a taco) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4
Lauda
March 15, 2017, 07:30:47 AM
 #9




Does *anyone* reasonable still want the client of these guys to be the main one on the network?

franky1
March 15, 2017, 07:38:13 AM
Last edit: March 15, 2017, 07:49:14 AM by franky1
 #10

Does *anyone* reasonable still want the client of these guys to be the main one on the network?

dynamics is compatible with many implementations. even some other "core" nodes that have been tweaked in their own repos
and yep that includes pools who have set consensus.h & policy.h to be adjustable at runtime.

blockstreams(core) can be dynamic with only a few extra lines of code.

but blockstreams(core) want dominance and want to be the sole codebase.
imagine if blockstreams(core) achieved it with no diverse codebase of differing nodes existing.. and blockstreams(core) had a bug.
it won't be a simple copy and paste keys into an alternative while you wait to fix.. you're instead stuck

diversity is good (Sipa's 2013 leveldb bug taught us that at least)

but today's event at least shows that core are NOT independent by not wanting to help keep things diverse.

but i do laugh that you think running BU or anything not blockstream is a "power grab".. where the truth is it's actually a dilution of power and an increase of diversity by having different 'brands' on the network


which would you prefer:
diversity: a few nodes of one brand go offline due to a bug/exploit
centralist: all nodes of one brand go offline due to a bug/exploit

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
Dream 1000 BTC
March 15, 2017, 07:55:10 AM
 #11

https://pbs.twimg.com/media/C66gpcRWgAAFlMt.jpg:large


Does *anyone* reasonable still want the client of these guys to be the main one on the network?

LMAO, the image makes my happy day. BU sucks, has plenty of bugs, and thinks they will change the bitcoin, no doubt they will kill bitcoin.
AliceWonderMiscreations
March 15, 2017, 07:55:46 AM
 #12

Satoshi's original code had bugs that were far worse.

This bug should not have existed but that does not mean the BU project isn't the right direction for Bitcoin to take.

I hereby reserve the right to sometimes be wrong
dinofelis
March 15, 2017, 07:59:27 AM
 #13

All their btc would be worthless now.

Can you explain the logical link between software crashing, and coins being worthless ?
The value of Bitcoin lies solely in its usefulness for financial transactions.

Nah, the value of bitcoin as of today mainly resides in the expectation to find one day a fool that will buy it from you at higher price.  Most bitcoins are hodled.  If the value of bitcoin today were residing in its capacity to treat transactions, it should be around $50 right now !  Many transactions take ages to get confirmed....

I agree with you that if the expectation was that no transactions will EVER be possible, of course, that would mean indeed that what you are holding, is valueless.  But that is actually MORE the case if you expect inflating fees than expecting a bug to be corrected.
rico666
March 15, 2017, 08:15:02 AM
 #14

Satoshi's original code had bugs that were far worse.

This bug should not have existed but that does not mean the BU project isn't the right direction for Bitcoin to take.

You are right. There are a thousand other reasons why the BU project isn't the right direction for Bitcoin to take.
This is just a small one and could be neglected.


Rico

all non self-referential signatures except mine are lame ... oh wait ...   ·  LBC Thread (News)  ·  Past BURST Activities
ebliever
March 15, 2017, 03:28:57 PM
 #15


All their btc would be worthless now.


Worse than that, if they forked and drove Core into the ground (not likely), all OUR bitcoin would be worthless too. That's what gets me, the arrogance combined with the incompetence.

taking down a node does not destroy coins.
private keys are protected

Pushing an incompetent implementation forward that the market does not support, thus leading to the price crashing, is what I was talking about.

Luke 12:15-21

Ephesians 2:8-9
Kprawn
March 15, 2017, 03:43:20 PM
 #16

We have Peer review for this very reason.... to spot these problems before it goes live. Bitcoin has been solid so far, because a lot of people are checking and verifying the code all the time. You have seen this, when Mike Hearn and company wanted to sneak in some bad code into XT.

The people that still think BU is the way to go have to re-think their strategy.

dinofelis
March 15, 2017, 04:06:36 PM
 #17

We have Peer review for this very reason.... to spot these problems before it goes live. Bitcoin has been solid so far, because a lot of people are checking and verifying the code all the time. You have seen this, when Mike Hearn and company wanted to sneak in some bad code into XT.

The people that still think BU is the way to go have to re-think their strategy.

Well, inasmuch as there are antagonists trying to attack code, that's the best peer review that can be done.  I don't think BU (nor Segwit) will be activated, but bitcoin without block limits would have been better.  But that's not bitcoin now.
