Wow. BCH had a consensus vulnerability. Core dev Cory Fields anonymously lets them know. They fix and continue without the issue. Read the whole thing.
A story about how a Bitcoin Core developer saved Bcash from a fatal consensus bug: Kudos, Cory!
Two posts: Cory, a Bitcoin developer, shares his experience disclosing a chain-split vulnerability in Bitcoin Cash in April, and a follow-up post on how to improve security in cryptocurrencies.
We would like to thank Cory Fields for his professionalism in responsibly disclosing a bug to Bitcoin ABC, as described in his recent article.
Bitcoin Core developper Cory Fields saved Bcash from collapsing due to a software bug he anonymously and responsibly disclosed. What a class act! And a lesson in reciprocity and FOSS morality “Responsible disclosure in the era of cryptocurrencies”
A great and powerful disclosure by Cory Fields. He has earned a lot of respect for his professional conduct. I also noticed he called it “Bitcoin Cash” throughout the article, very nice.
“Responsible disclosure in the era of cryptocurrencies” by Cory Fields
Massive !! BCH value easily could have gone to ZERO !! Wonder how many similar fatal bugs are at BCH due to lack of developer quality? ⁦⁩ would be interesting to interview ⁦⁩ on this
Every ethical & responsible cryptocurrency developer should read this! 👍👏 “I mentioned above that my disclosure was anonymous. I’d like to explain the reasoning for that, as anonymity played a significant role in the process.”
So Bitcoin Core dev Cory Fields made a responsible disclosure of a bug found on BCH. Interesting how it is indeed very dangerous to report a critical vulnerability if not done anonymously
"The new code omitted a critical check of a specific bit in the signature type. This omission would have allowed a specially crafted transaction to split the [Bcash] blockchain into two incompatible chains."
“Responsible disclosure in the era of cryptocurrencies”. Cory Fields' experience disclosing a critical Bitcoin Cash vulnerability
Core Devs on bugs: "The message had apparently been received. Success!" Altcoin devs on bugs: 'I was unable to “weaponize” this exploit during my testing so I feel that there is little risk in public disclosure today.'
Cory’s choice reads right out of ’s blog about disclosures! WRT this story, there is a reasonable expectation for crypto-projects to lay a foundation of QA and operational excellence at the current ceiling.
“Responsible disclosure in the era of cryptocurrencies” by Cory Fields
Cory Fields, you are the hero we didn't deserve. You are like a reverse Peter Todd. 😍 Thanks! ( And where is your twitter account??)