Bitcoin Forum
May 20, 2019, 03:49:08 AM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Funny how inflation bug was swept under the rug  (Read 313 times)
Butterscotch Cartman
Jr. Member
*
Offline Offline

Activity: 108
Merit: 6


View Profile
January 01, 2019, 08:42:23 PM
Last edit: January 01, 2019, 09:03:54 PM by Butterscotch Cartman
 #1

People are acting like inflation bug never existed in bitcoin, hilarious.  Rarely hear about it , this forum is filled with shills trying to pump their bags.

1558324148
Hero Member
*
Offline Offline

Posts: 1558324148

View Profile Personal Message (Offline)

Ignore
1558324148
Reply with quote  #2

1558324148
Report to moderator
1558324148
Hero Member
*
Offline Offline

Posts: 1558324148

View Profile Personal Message (Offline)

Ignore
1558324148
Reply with quote  #2

1558324148
Report to moderator
NEW GAME FORMAT
JACKPOT UP TO $8000+
Guess The Symbols Of a Real Ethereum Hash
PLAY NOW
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1558324148
Hero Member
*
Offline Offline

Posts: 1558324148

View Profile Personal Message (Offline)

Ignore
1558324148
Reply with quote  #2

1558324148
Report to moderator
1558324148
Hero Member
*
Offline Offline

Posts: 1558324148

View Profile Personal Message (Offline)

Ignore
1558324148
Reply with quote  #2

1558324148
Report to moderator
bones261
Legendary
*
Online Online

Activity: 1554
Merit: 1534


My hat is in storage. https://ibb.co/YLkPgXb


View Profile
January 01, 2019, 08:59:37 PM
Merited by suchmoon (4), The Pharmacist (3), ETFbitcoin (1), Last of the V8s (1)
 #2

     Are you talking about the one discovered a few months ago or the one in 2010? What is amazing with the recent one is that the exploit was in the code for quite a bit of time and no miner exploited it. I'm happy the BU developer did the right thing and reported the exploit rather than give it over to one of the Bitcoin Cash advocates.
     Just so you know, no miner in their right mind would have exploited this unless their motive was to destroy cryptocurrency as a whole. Most miners are in it for the profit and such a move would have killed the golden goose. Besides, if a miner had exploited the recent bug, the BTC developers and other miners would have just did something similar to what happened in 2010. (Although the 2010 bug was unlike this bug, since I believe the old bug was triggered by accident and not by deliberate intent.) In 2010, they came up with the patch and eventually the corrected chain had the most work and reorged the bad chain out of existence.
    BTW: I would recommend that you don't use this thread that you created to try and launch a troll campaign against BTC. As soon as you start to derail this thread to fall off-topic, the moderators will probably lock it.

......
.L I V E C O I N . N E T.
.
..PROFITBOX..
██  █████████████████████████
  █████████▄      ▄██████████
█████████████▄  ▄████████████
    █████████████████████████
  ██████████▀    ▀█ ▀████████
████  █████▀  ▄▄  ▀█  ▀██████
  ████████▀  ▄██▄  ▀█   ▀████
    ██████   ▀██▀   ██   ████
  █████████▄      ▄██████████
██  █████████▄  ▄████████████
  ███████████████████████████
██  █████████████████████████
  █████████████████████▀ ███
█████████████████████▀   ███
    █████████████▀     ████
  █████████████▀   ██    ████
████  █████▀     ██    ████
  ███████▀   ██    ██    ████
    █████    ██    ██    ████
  ███████    ██    ██    ████
██  █████    ██    ██    ████
  ███████████████████████████
.....
Butterscotch Cartman
Jr. Member
*
Offline Offline

Activity: 108
Merit: 6


View Profile
January 01, 2019, 09:03:42 PM
 #3

    Are you talking about the one discovered a few months ago or the one in 2010? What is amazing with the recent one is that the exploit was in the code for quite a bit of time and no miner exploited it. I'm happy the BU developer did the right thing and reported the exploit rather than give it over to one of the Bitcoin Cash advocates.
     Just so you know, no miner in their right mind would have exploited this unless their motive was to destroy cryptocurrency as a whole. Most miners are in it for the profit and such a move would have killed the golden goose. Besides, if a miner had exploited the recent bug, the BTC developers and other miners would have just did something similar to what happened in 2010. (Although the 2010 bug was unlike this bug, since I believe the old bug was triggered by accident and not by deliberate intent.) In 2010, they came up with the patch and eventually the corrected chain had the most work and reorged the bad chain out of existence.
    BTW: I would recommend that you don't use this thread that you created to try and launch a troll campaign against BTC. As soon as you start to derail this thread to fall off-topic, the moderators will probably lock it.

Yes I'm talking about the recent one, I'm concerned fools are being tricked into investing into Bitcoin without knowing all the facts.  Not one bitcoin "investor" I have spoken to has even heard of the bug.  People need to be aware that bitcoin is not really 100% safe in a world where code is law.
bones261
Legendary
*
Online Online

Activity: 1554
Merit: 1534


My hat is in storage. https://ibb.co/YLkPgXb


View Profile
January 01, 2019, 09:15:56 PM
Merited by Abdussamad (2), ETFbitcoin (1)
 #4


Yes I'm talking about the recent one, I'm concerned fools are being tricked into investing into Bitcoin without knowing all the facts.  Not one bitcoin "investor" I have spoken to has even heard of the bug.  People need to be aware that bitcoin is not really 100% safe in a world where code is law.

     Well, they are not a good "investor" if they do not do their due diligence and keep up with the risks of their investment. The very fact that BTC is very volatile and has returned an insane amount of return since it's inception should give any good investor a clue that this is risky. (I mean we went from 10000 BTC buying a pizza to 1 being worth ~20000 USD at it's ATH)
     I for one have only invested a very small amount in BTC and cryptocurrency in general. However, I have kept myself informed on what is going on. If someone is going to mortgage their house and not devote a 10th of the time that I have spent attempting to learn about it, then they are a gambler and not really an investor.

......
.L I V E C O I N . N E T.
.
..PROFITBOX..
██  █████████████████████████
  █████████▄      ▄██████████
█████████████▄  ▄████████████
    █████████████████████████
  ██████████▀    ▀█ ▀████████
████  █████▀  ▄▄  ▀█  ▀██████
  ████████▀  ▄██▄  ▀█   ▀████
    ██████   ▀██▀   ██   ████
  █████████▄      ▄██████████
██  █████████▄  ▄████████████
  ███████████████████████████
██  █████████████████████████
  █████████████████████▀ ███
█████████████████████▀   ███
    █████████████▀     ████
  █████████████▀   ██    ████
████  █████▀     ██    ████
  ███████▀   ██    ██    ████
    █████    ██    ██    ████
  ███████    ██    ██    ████
██  █████    ██    ██    ████
  ███████████████████████████
.....
MagicByt3
Full Member
***
Offline Offline

Activity: 224
Merit: 113


View Profile
January 01, 2019, 09:21:27 PM
Merited by DarkStar_ (4), The Pharmacist (2), aplistir (1)
 #5

    Are you talking about the one discovered a few months ago or the one in 2010? What is amazing with the recent one is that the exploit was in the code for quite a bit of time and no miner exploited it. I'm happy the BU developer did the right thing and reported the exploit rather than give it over to one of the Bitcoin Cash advocates.
     Just so you know, no miner in their right mind would have exploited this unless their motive was to destroy cryptocurrency as a whole. Most miners are in it for the profit and such a move would have killed the golden goose. Besides, if a miner had exploited the recent bug, the BTC developers and other miners would have just did something similar to what happened in 2010. (Although the 2010 bug was unlike this bug, since I believe the old bug was triggered by accident and not by deliberate intent.) In 2010, they came up with the patch and eventually the corrected chain had the most work and reorged the bad chain out of existence.
    BTW: I would recommend that you don't use this thread that you created to try and launch a troll campaign against BTC. As soon as you start to derail this thread to fall off-topic, the moderators will probably lock it.

Yes I'm talking about the recent one, I'm concerned fools are being tricked into investing into Bitcoin without knowing all the facts.  Not one bitcoin "investor" I have spoken to has even heard of the bug.  People need to be aware that bitcoin is not really 100% safe in a world where code is law.

There is much talk about this subject a quick search of Bitcoin CVE or Bitcoin Exploit shows may topics regarding the issues both old and new.

https://bitcoincore.org/en/2018/09/20/notice/

https://hackernoon.com/bitcoin-core-bug-cve-2018-17144-an-analysis-f80d9d373362

While this was a serious flaw it had been fixed and no miners ever exploited it.

HeRetiK
Legendary
*
Offline Offline

Activity: 1106
Merit: 1049


the forkings will continue until morale improves


View Profile
January 01, 2019, 10:42:50 PM
 #6

Yes I'm talking about the recent one, I'm concerned fools are being tricked into investing into Bitcoin without knowing all the facts.  Not one bitcoin "investor" I have spoken to has even heard of the bug.  People need to be aware that bitcoin is not really 100% safe in a world where code is law.

There is much talk about this subject a quick search of Bitcoin CVE or Bitcoin Exploit shows may topics regarding the issues both old and new.

https://bitcoincore.org/en/2018/09/20/notice/

https://hackernoon.com/bitcoin-core-bug-cve-2018-17144-an-analysis-f80d9d373362

While this was a serious flaw it had been fixed and no miners ever exploited it.

Also actual usage of any such exploit would have been fairly obvious to an outside observer. It's not like anyone could have covertly inflated the coin supply.

Critical bug? Sure. Swept under the rug? Hardly. The exploit was widely publicized with information readily available to anyone keeping track of crypto.

Syke
Legendary
*
Offline Offline

Activity: 2968
Merit: 1030


View Profile
January 06, 2019, 11:09:12 AM
 #7

People need to be aware that bitcoin is not really 100% safe in a world where code is law.

Who is saying bitcoin is 100% safe?

Buy & Hold
aplistir
Full Member
***
Offline Offline

Activity: 315
Merit: 144



View Profile
January 06, 2019, 12:00:45 PM
 #8


     Well, they are not a good "investor" if they do not do their due diligence and keep up with the risks of their investment.
     I for one have only invested a very small amount in BTC and cryptocurrency in general. However, I have kept myself informed on what is going on. If someone is going to mortgage their house and not devote a 10th of the time that I have spent attempting to learn about it, then they are a gambler and not really an investor.
I have spend (too) much time in learning everything about bitcoin, but I had completely missed this bug.   I did notice in September that you  should update bitcoin core, but did not realise the bug made it  possible to "illegally" create new coins.

There is much talk about this subject a quick search of Bitcoin CVE or Bitcoin Exploit shows may topics regarding the issues both old and new.
https://bitcoincore.org/en/2018/09/20/notice/
https://hackernoon.com/bitcoin-core-bug-cve-2018-17144-an-analysis-f80d9d373362
Thanks for posting the links. Makes it much easier to understand what we are talking about Smiley

My Address: 121f7zb2U4g9iM4MiJTDhEzqeZGHzq5wLh
mixoftix
Member
**
Offline Offline

Activity: 104
Merit: 141

..


View Profile WWW
January 07, 2019, 10:33:03 AM
Merited by DarkStar_ (4)
 #9

People are acting like inflation bug never existed in bitcoin, hilarious.

bugs always exist in cyber world. the important part is the way you perform a debugging procedure. if I was an investor, I would find and invest on a coin that has the most quick reaction to a bug from identifying to patching it. so look at the analysis bellow:

Quote
Timeline for September 17, 2018: (all times UTC)

>> 14:57 anonymous reporter reports crash bug to: Pieter Wuille, Greg Maxwell, Wladimir Van Der Laan of Bitcoin Core
>> 15:15 Greg Maxwell shares the original report with Cory Fields, Suhas Daftuar, Alex Morcos and Matt Corallo
>> 17:47 Matt Corallo identifies inflation bug
.
.
>> 23:21 Bitcoin Core version 0.17.0rc4 tagged

September 18, 2018:

>> 00:24 Bitcoin Core version 0.16.3 tagged

which means within 3 hours the bug identifies and patches in less than 10 hours.. this is a great benchmark. so a bug that only lived in 10 hours is really like it never exists. its an honor, not hilarious.


من مست و تو دیوانه، مارا که برد خانه!؟
translation from Persian:
I am drunk and you are insane, who will take us home!? --Rumi
HeRetiK
Legendary
*
Offline Offline

Activity: 1106
Merit: 1049


the forkings will continue until morale improves


View Profile
January 07, 2019, 03:51:21 PM
 #10

Quote
Timeline for September 17, 2018: (all times UTC)

>> 14:57 anonymous reporter reports crash bug to: Pieter Wuille, Greg Maxwell, Wladimir Van Der Laan of Bitcoin Core
>> 15:15 Greg Maxwell shares the original report with Cory Fields, Suhas Daftuar, Alex Morcos and Matt Corallo
>> 17:47 Matt Corallo identifies inflation bug
.
.
>> 23:21 Bitcoin Core version 0.17.0rc4 tagged

September 18, 2018:

>> 00:24 Bitcoin Core version 0.16.3 tagged

which means within 3 hours the bug identifies and patches in less than 10 hours.. this is a great benchmark. so a bug that only lived in 10 hours is really like it never exists. its an honor, not hilarious.

A bug that was known for 10 hours Smiley

The bug was introduced with 0.15 [1] which was released in September 2017 [2], so the bug was around for about a year. Excellent response time nonetheless.

[1] https://bitcoincore.org/en/2018/09/20/notice/
[2] https://github.com/bitcoin/bitcoin/releases/tag/v0.15.0

gmaxwell
Moderator
Legendary
*
qt
Offline Offline

Activity: 2730
Merit: 2253



View Profile
January 07, 2019, 04:34:48 PM
Merited by Foxpup (3)
 #11

the bug made it  possible to "illegally" create new coins.
Well, not even quite that:  All the vulnerable nodes would have crashed on restart-- when automatic start-up safety tests caught the issue-- and refused to start again if it were triggered, just as we saw on testnet.

I'm having a hard time figuring out what the original post in this thread is trying to say. It sounds like it's trying to allege that the issue still exists. It doesn't.
mixoftix
Member
**
Offline Offline

Activity: 104
Merit: 141

..


View Profile WWW
January 07, 2019, 09:43:47 PM
 #12

The bug was introduced with 0.15 [1] which was released in September 2017 [2], so the bug was around for about a year. Excellent response time nonetheless.

[1] https://bitcoincore.org/en/2018/09/20/notice/

thank you for correction. I directly jumped in timeline section, and unfortunately there was no information about bug release date - so it looked like the bug was in a release that published the same day.. however, I am still happy with the response time, but why such important information doesn't exist in timeline!?

 

من مست و تو دیوانه، مارا که برد خانه!؟
translation from Persian:
I am drunk and you are insane, who will take us home!? --Rumi
HeRetiK
Legendary
*
Offline Offline

Activity: 1106
Merit: 1049


the forkings will continue until morale improves


View Profile
January 07, 2019, 10:18:58 PM
Merited by DarkStar_ (4), ETFbitcoin (1)
 #13

The bug was introduced with 0.15 [1] which was released in September 2017 [2], so the bug was around for about a year. Excellent response time nonetheless.

[1] https://bitcoincore.org/en/2018/09/20/notice/

thank you for correction. I directly jumped in timeline section, and unfortunately there was no information about bug release date - so it looked like the bug was in a release that published the same day.. however, I am still happy with the response time, but why such important information doesn't exist in timeline!?


It's right above the Timeline in the Technical Details section:

In Bitcoin Core 0.15, as a part of a larger redesign to simplify unspent transaction output tracking and correct a resource exhaustion attack the assertion was changed subtly. Instead of asserting that the output being marked spent was previously unspent, it only asserts that it exists.

I don't think disclosure timelines usually include the "release date" of the bug, as the introduction of exploitable code can not always be easily pin-pointed (and in some cases it's been there all along and becomes exploitable as technology progresses). Heartbleed [1] and Cloudbleed [2] are other good examples of well documented timelines. (Bonus timeline: Remote installation of the original Doom on network enabled Canon printers [3])

[1] https://www.smh.com.au/technology/heartbleed-disclosure-timeline-who-knew-what-and-when-20140414-zqurk.html
[2] https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
[3] https://www.contextis.com/en/blog/hacking-canon-pixma-printers-doomed-encryption

mixoftix
Member
**
Offline Offline

Activity: 104
Merit: 141

..


View Profile WWW
January 08, 2019, 10:42:12 PM
Last edit: January 08, 2019, 10:53:02 PM by mixoftix
Merited by DarkStar_ (4), bones261 (1)
 #14

I don't think disclosure timelines usually include the "release date" of the bug, as the introduction of exploitable code can not always be easily pin-pointed (and in some cases it's been there all along and becomes exploitable as technology progresses). Heartbleed [1] and Cloudbleed [2] are other good examples of well documented timelines. (Bonus timeline: Remote installation of the original Doom on network enabled Canon printers [3])

[1] https://www.smh.com.au/technology/heartbleed-disclosure-timeline-who-knew-what-and-when-20140414-zqurk.html

True. the amazing part of your first reference about heartbleed vulnerability is this quote that asks for more information for understanding what may have occurred before discovering the vulnerability:

Quote
If you have further information or corrections - especially information about what occurred prior to March 21 at Google - please email the author..

anyways this exploit reminds me the principles of protecting from supply chain attacks by NIST [1][2] and now the question is how much the software supply chain in bitcoin follows it? (in other words, does this exploit fit in the concept of supply chain attack?)

[1] https://csrc.nist.gov/csrc/media/projects/supply-chain-risk-management/documents/ssca/2017-winter/ncsc_placemat.pdf
[2] mirror of [1]: http://www.mixoftix.net/knowledge_base/security/nist_suppy_chain_attack_.pdf

من مست و تو دیوانه، مارا که برد خانه!؟
translation from Persian:
I am drunk and you are insane, who will take us home!? --Rumi
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!