Community Criticizes Bitcoin Unlimited’s Inability to Prevent Severe Bug Exploitation

It is becoming more evident that the likelihood of Bitcoin Unlimited being executed as a hard fork solution is substantially low. One major factor which ultimately drove the community and miners away from Bitcoin Unlimited is its development team’s inability to prevent severe bugs and internal technical issues from being exploited.

In a span of two weeks, Bitcoin Unlimited suffered from two major bug exploitations. The first bug which happened on March 14 led to a 6-hour downtime for Bitcoin Unlimited miners. According to bitcoin investor Alistair Milne, considering the 35 percent hashrate allocated to the software, the cost of the bug exceeded US$200,000 in miner revenue losses. In addition, hundreds of nodes were shut down as a result of the bug.

The bitcoin community including Bitcoin Core developer Peter Todd were outraged by the dishonesty of Bitcoin Unlimited developers when the team claimed that they found the March 14 bug themselves. In an interview, a security researcher by the name of Charlotte Gardner revealed that she found the bug before the Bitcoin Unlimited team even came close to spotting it.

“I am quite beside myself at how a project that aims to power a $20 billion network can make beginner’s mistakes like this.” I am rather dismayed at the poor level of code quality in Bitcoin Unlimited and I suspect there [is] a raft of other issues” said Gardner.

The philosophy of the Bitcoin Unlimited team when it comes to open source development conflicts with the core principle of bitcoin. The Bitcoin network was designed in such a way that an open community of developers pave the growth of Bitcoin in a transparent and secure manner. However, because Bitcoin Unlimited as software is being developed by a closed group of developers with little to no transparency, the community is struggling to support the project.

In particular, when the second bug was found, as reported by The Merkle on March 22, the Bitcoin Unlimited team ran a closed source patch to fix the error. According to Bitcoin Core developer Greg Maxwell, the update of the Bitcoin Unlimited team removed runtime state corruption protection, which is necessary in order for nodes to shut down cleanly when an unexpected error occurs.

Maxwell explained:

“Among other things, they’ve removed all the runtime state corruption protection… so cases where nodes would cleanly and safely shut down in the event of things going wrong, turn into potential consensus splits or even remote code execution.”

If such an update was released to an open source development community and underwent peer and community review before being added to the software, there is a high chance that it would have been approved due to security issues.

Introducing closed source updates as a recovery mechanism to protect users from bug exploitations isn’t an efficient and secure method of development, especially when it comes to developing bitcoin. Developers, especially Bitcoin Core developers, often try to prevent bugs from being released to the public as it may negatively affected virtually everyone within the network, especially the miners.

As security and bitcoin expert Andreas Antonopoulos explained, if the bugs of Bitcoin Unlimited were exploited during a hard fork, their damage to miners would have been in the millions. In that scenario, even if Bitcoin Unlimited developers were to release an update to resolve the issue, the financial damage on miners would have already been significant.

Image Via: General Assembly

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.