Bitcoin Unlimited nodes crashed to around 250 yesterday, down from some 700, as a new bug was exploited. They have now recovered with the underlying vulnerability again based on asserts being used in production which allowed skilled coders to remote crash the nodes.
Bitcoin Unlimited developers came up with a quick fix, but the code wasn’t released for some hours, with only binaries released. Leading to criticisms of operating in a closed source manner.
The Bitcoin Unlimited developers were previously criticized for openly revealing a security vulnerability before binaries were released, a vulnerability which was tweeted out by Peter Todd and led to nodes crashing last week.
After that incident, Bitcoin Unlimited developers seemingly took the view that asserts should not be enabled in production, but replaced in a way that allows nodes to gracefully exit. It is not clear why this was not done in this case prior to its exploitation, but it may have well been the case that devs were working on it.
The market’s reaction was a fall in price by some $80 as expressions of disapproval over the infighting continue to increase with bitcoin’s market cap falling to under $17 billion and its dominance now standing close to breaching 70%.
This is the latest in what has been an eventful week as Bitcoin Unlimited and Bitcoin Core go head to head over the future of the currency. With Bitcoin Unlimited now standing just under 40%, Bitcoin Core appears to have considerably increased its efforts.
However, segwit has stalled at around 25%, gaining no new miners, while the hashrate of Bitcoin Unlimited has been on an upward trend for some months as miners seemingly prefer the client.
Two big miners remain undecided: F2Pool and BW, with HaoBTC a smaller third. After the bug exploits they may be hesitant, but it is not clear whether, beyond asserts, there is any other known vulnerability.
The use of asserts in live production by Bitcoin Core, from which Bitcoin Unlimited forked, is an unusual practice. Bitcoin Unlimited was launched by ordinary bitcoiners, with some having decades of coding experience but not in Bitcoin Core. Such unusual practice was, therefore, seemingly overlooked as bitcoin does not have a specification.
In some ways, it does show the benefits of different teams and the competition between the two may, in the longer term, even be beneficial for the currency as they keep each other in-check and keep group think at bay.
However, Bitcoin Unlimited clearly needs to engage in more robust testing and closer code scrutiny while Bitcoin Core would probably benefit from a more mature way of operating, especially when it comes to responsible disclosure of security vulnerabilities.
Comment