Bitcoin Engineers Reveal New Blockchain Denial-of-Service Vulnerability

Author: Jimmy Aki
Last Updated: 14 September 2020

While Bitcoin promoters have always billed the asset as the most secure currency system, several incidents have shown that it’s not without its flaws. Recently, engineers discovered a vulnerability that could have caused significant problems for the network and its users.

Blockchain Nodes Gone Rogue

Braydon Fuller and Javed Khan, two engineers on the Bitcoin network, published a research paper in which they detailed the discovery of a vulnerability that could lead to entire blockchains being shut down. In their study, the engineers explained that they first found the vulnerability — named INVDoS — on the Bitcoin network in 2018. While they believed it had been fixed, the vulnerability reared its head on two blockchain iterations — Decred and Btcd.

According to the engineers, the vulnerability uses a hostile blockchain node to flood others with calls for non-existent transactions. This spamming overwhelms the victim’s node and significantly increases its memory use. Eventually, the process would crash and freeze. The victim’s node will also stay frozen until the process is terminated.

Khan pointed out that he came across the attack on Btcd — an alternative Bitcoin node that prevents users from getting or sending payments — in June 2020. A month later, he saw the same issue on the Decred blockchain network.

The engineers pointed out that knowledgeable hackers could have exploited the vulnerability to crash multiple Bitcoin nodes. Fortunately, there hasn’t been any recorded incidence of the system deployed, and a team of engineers has finally developed a patch for it.

This vulnerability could cause significant losses for millions on the network. Several aspects of Bitcoin operation rely on transactions’ speed to remain optimal — including and especially arbitrage trading. A sustained drag in transaction speed could leave these people stranded and erode faith in the Bitcoin network even more. For an asset that is still trying to optimize its transaction speed, worsening metrics aren’t what Bitcoin needs currently.

Ethereum’s Frontrunner Problem

Bitcoin isn’t the only asset that is seeing renewed threats to its security. Dan Robinson, a research partner with the crypto-asset investment firm Paradigm, explained in a blog post from last month that Ethereum is also vulnerable to frontrunners.

In his post, Robinson pointed out that the vulnerability lies in the design of Ethereum’s mempool — a set of unconfirmed transactions. He added that arbitrage bots monitor these transactions and attempt to exploit profitable opportunities that they create.

These bots use predetermined algorithms to look for specific transactions and try to front-run them (practically, copying them and replacing their addresses). Some bots are so advanced that they can execute transactions and copy profitable ones.

The researcher pointed out that his plan to remediate the problem had failed, and he warned miners to be wary of the threat.