{"id":2593,"date":"2019-03-01T08:00:16","date_gmt":"2019-03-01T08:00:16","guid":{"rendered":"https:\/\/bitcoinsv.io\/?p=2593"},"modified":"2020-09-28T06:00:22","modified_gmt":"2020-09-28T06:00:22","slug":"bitcoin-sv-security-audit-helps-resolve-multiple-vulnerabilities-across-different-bitcoin-blockchains","status":"publish","type":"post","link":"https:\/\/bitcoinsv.io\/2019\/03\/01\/bitcoin-sv-security-audit-helps-resolve-multiple-vulnerabilities-across-different-bitcoin-blockchains\/","title":{"rendered":"BITCOIN SV SECURITY AUDIT HELPS RESOLVE MULTIPLE VULNERABILITIES ACROSS DIFFERENT BITCOIN BLOCKCHAINS"},"content":{"rendered":"\n<p>The Bitcoin SV (BSV) community is committed to the \u201cSatoshi Vision\u201d for delivering a secure and scalable Bitcoin network that supports the world\u2019s new money and use as the global enterprise blockchain. As part of its commitment to professionalise the Bitcoin development process, the <u><a href=\"https:\/\/bitcoinsv.io\/\">Bitcoin SV Node <\/a><\/u>implementation team engaged the services of Trail of Bits, a leading cybersecurity research company with expertise in blockchain technologies, to perform a security audit of the Bitcoin SV Node implementation source code.&nbsp; The security audit revealed multiple vulnerabilities that Bitcoin SV did not itself cause but likely inherited from the Bitcoin Core (BTC) and thus Bitcoin ABC software for Bitcoin Cash (BCH) from which the Bitcoin SV were forked.&nbsp; However, Bitcoin SV\u2019s audit and professionalised approached to security has now helped all these major blockchains resolve the vulnerabilities.<\/p>\n\n\n\n<p>A full security audit requires significant time and cost to perform, but the Bitcoin SV Node implementation team did so (with financial support from its partners at <u><a href=\"https:\/\/coingeek.com\/\">CoinGeek<\/a><\/u>) as a critical step to bring more professionalism to the Bitcoin ecosystem.&nbsp; We believe this is the first time any Bitcoin node implementation has ever been security audited in the 10-year history of Bitcoin.<\/p>\n\n\n\n<p>After conducting its security audit, Trail of Bits reported numerous&nbsp; findings.&nbsp; The Bitcoin SV Node implementation team considered three of these findings to be significant enough to warrant responsible and confidential disclosure to other potentially affected Bitcoin implementations &#8211; specifically to implementations for the Bitcoin Core (BTC) and Bitcoin Cash (BCH) chains which compete against BSV.<\/p>\n\n\n\n<p>The three vulnerabilities have been rated as<em> <strong>medium severity<\/strong> <\/em>with low difficulty to exploit and expose the Bitcoin node software to Denial of Service attacks resulting in a high overall risk rating. The Bitcoin SV Node implementation team disclosed the details of these vulnerabilities to other Bitcoin implementations (for Bitcoin Core and Bitcoin Cash) on 10 January 2019, requesting full confidentially until 11 February 2019 and that detailed information about the vulnerabilities be kept confidential until 1 March 2019. This process follows industry best practice by providing sufficient time for development teams to release and deploy updated software before the details of the vulnerabilities become public knowledge.<\/p>\n\n\n\n<p>The details of the vulnerabilities were disclosed to the software development teams of Bitcoin Unlimited, Bitcoin XT, Bitcoin ABC, and Bitcoin Core. An analysis of the vulnerable portions of the source code indicated that these software implementations may be affected by these vulnerabilities &#8211; most likely because the vulnerabilities first existed in the Bitcoin Core software <strong><em>before<\/em><\/strong> it was forked by Bitcoin ABC to create ABC (an implementation for Bitcoin Cash), and before Bitcoin SV thus inherited these vulnerabilities from Bitcoin ABC.<\/p>\n\n\n\n<p>1) The first vulnerability, CVE-2018-1000891, would enable an attacker to send specially crafted network packets to the target node which would needlessly consume large amounts of processor and network resources. The attack could result in a Denial of Service by exhausting processor and network resources and would not be detected or prevented by the software.<\/p>\n\n\n\n<p>2) The second vulnerability, CVE-2018-1000892, would similarly enable an attacker to send specially crafted network packets which would needlessly consume large amounts of processor and network resources. The attack could result in a Denial of Service by exhausting processor and network resources and would not be detected or prevented by the software.<\/p>\n\n\n\n<p>3) The third vulnerability, CVE-2018-1000893, would also enable an attacker to send specially crafted network packets which would needlessly consume large amounts of memory resources. The attack could result in a Denial of Service by exhausting memory resources and causing system failure. The attack would not be detected or prevented by the software.<\/p>\n\n\n\n<p>For Bitcoin SV, these vulnerabilities were addressed in release 0.1.1 of the Bitcoin SV Node implementation which was released on 11 February 2019.<\/p>\n\n\n\n<p>Bitcoin SV Node Lead Developer Daniel Connolly remarked:<\/p>\n\n\n\n<p>\u201cBy organising this security audit (with funding by CoinGeek) and by sharing the results in a responsible and secure manner, the Bitcoin SV Node team, <u><a href=\"https:\/\/nchain.com\/en\/\">nChain<\/a><\/u> and our partners at CoinGeek demonstrate our commitment to increase the quality of Bitcoin software and professionalise the engineering process.\u201d<\/p>\n\n\n\n<p>Even though the Bitcoin SV Node implementation team did not create these vulnerabilities and likely inherited them from Bitcoin Core and Bitcoin ABC, its groundbreaking approach to apply software industry best practices to Bitcoin node development has now also benefited the competing Bitcoin Core and Bitcoin Cash ecosystems.<\/p>\n\n\n\n<p>The Bitcoin SV Node reference implementation is a project of the <u><a href=\"https:\/\/bitcoinassociation.net\/\">Bitcoin Association<\/a><\/u>.&nbsp; The Bitcoin Association\u2019s Founding President Jimmy Nguyen observed:<\/p>\n\n\n\n<p>\u201cAs I\u2019ve said before, it\u2019s time for Bitcoin to grow up and professionalise.&nbsp; This security audit is a big step in that direction, because no other Bitcoin project is taking such a comprehensive approach to security.&nbsp; The results and improvements exemplify how the Bitcoin SV Node team is taking steps to prepare Bitcoin SV to have the reliability needed to become the world\u2019s new money and the global enterprise blockchain.&nbsp; It also demonstrates that Bitcoin SV is now leading the Bitcoin industry, even helping other projects that deviated from the Satoshi Vision for Bitcoin.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Bitcoin SV (BSV) community is committed to the \u201cSatoshi Vision\u201d for delivering a secure and scalable Bitcoin network that supports the world\u2019s new money and use as the global enterprise blockchain. As part of its commitment to professionalise the Bitcoin development process, the Bitcoin SV Node implementation team engaged the services of Trail of [&hellip;]<\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[73],"tags":[],"lang":"en","translations":{"en":2593,"zh":2596},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v15.0 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>BITCOIN SV SECURITY AUDIT HELPS RESOLVE MULTIPLE VULNERABILITIES ACROSS DIFFERENT BITCOIN BLOCKCHAINS - Bitcoin SV<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/stag.bitcoinsv.io\/2019\/03\/01\/bitcoin-sv-security-audit-helps-resolve-multiple-vulnerabilities-across-different-bitcoin-blockchains\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"BITCOIN SV SECURITY AUDIT HELPS RESOLVE MULTIPLE VULNERABILITIES ACROSS DIFFERENT BITCOIN BLOCKCHAINS - Bitcoin SV\" \/>\n<meta property=\"og:description\" content=\"The Bitcoin SV (BSV) community is committed to the \u201cSatoshi Vision\u201d for delivering a secure and scalable Bitcoin network that supports the world\u2019s new money and use as the global enterprise blockchain. As part of its commitment to professionalise the Bitcoin development process, the Bitcoin SV Node implementation team engaged the services of Trail of [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/stag.bitcoinsv.io\/2019\/03\/01\/bitcoin-sv-security-audit-helps-resolve-multiple-vulnerabilities-across-different-bitcoin-blockchains\/\" \/>\n<meta property=\"og:site_name\" content=\"Bitcoin SV\" \/>\n<meta property=\"article:published_time\" content=\"2019-03-01T08:00:16+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-09-28T06:00:22+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/bitcoinsv.io\/wp-content\/uploads\/2020\/09\/bitcoin-sv-bsv-mines-world-record-128mb-blocks.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1234\" \/>\n\t<meta property=\"og:image:height\" content=\"616\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@BitcoinSVNode\" \/>\n<meta name=\"twitter:site\" content=\"@BitcoinSVNode\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/bitcoinsv.io\/#organization\",\"name\":\"Bitcoin SV\",\"url\":\"https:\/\/bitcoinsv.io\/\",\"sameAs\":[\"https:\/\/twitter.com\/BitcoinSVNode\"],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/bitcoinsv.io\/#logo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/bitcoinsv.io\/wp-content\/uploads\/2020\/10\/bsv-logo-wh-medium.png\",\"width\":800,\"height\":144,\"caption\":\"Bitcoin SV\"},\"image\":{\"@id\":\"https:\/\/bitcoinsv.io\/#logo\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/bitcoinsv.io\/#website\",\"url\":\"https:\/\/bitcoinsv.io\/\",\"name\":\"Bitcoin SV\",\"description\":\"Just another WordPress site\",\"publisher\":{\"@id\":\"https:\/\/bitcoinsv.io\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":\"https:\/\/bitcoinsv.io\/?s={search_term_string}\",\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/stag.bitcoinsv.io\/2019\/03\/01\/bitcoin-sv-security-audit-helps-resolve-multiple-vulnerabilities-across-different-bitcoin-blockchains\/#webpage\",\"url\":\"https:\/\/stag.bitcoinsv.io\/2019\/03\/01\/bitcoin-sv-security-audit-helps-resolve-multiple-vulnerabilities-across-different-bitcoin-blockchains\/\",\"name\":\"BITCOIN SV SECURITY AUDIT HELPS RESOLVE MULTIPLE VULNERABILITIES ACROSS DIFFERENT BITCOIN BLOCKCHAINS - Bitcoin SV\",\"isPartOf\":{\"@id\":\"https:\/\/bitcoinsv.io\/#website\"},\"datePublished\":\"2019-03-01T08:00:16+00:00\",\"dateModified\":\"2020-09-28T06:00:22+00:00\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/stag.bitcoinsv.io\/2019\/03\/01\/bitcoin-sv-security-audit-helps-resolve-multiple-vulnerabilities-across-different-bitcoin-blockchains\/\"]}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/stag.bitcoinsv.io\/2019\/03\/01\/bitcoin-sv-security-audit-helps-resolve-multiple-vulnerabilities-across-different-bitcoin-blockchains\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/stag.bitcoinsv.io\/2019\/03\/01\/bitcoin-sv-security-audit-helps-resolve-multiple-vulnerabilities-across-different-bitcoin-blockchains\/#webpage\"},\"author\":{\"@id\":\"https:\/\/bitcoinsv.io\/#\/schema\/person\/46cc398cafa91a6e758e1ace1e5b7647\"},\"headline\":\"BITCOIN SV SECURITY AUDIT HELPS RESOLVE MULTIPLE VULNERABILITIES ACROSS DIFFERENT BITCOIN BLOCKCHAINS\",\"datePublished\":\"2019-03-01T08:00:16+00:00\",\"dateModified\":\"2020-09-28T06:00:22+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/stag.bitcoinsv.io\/2019\/03\/01\/bitcoin-sv-security-audit-helps-resolve-multiple-vulnerabilities-across-different-bitcoin-blockchains\/#webpage\"},\"publisher\":{\"@id\":\"https:\/\/bitcoinsv.io\/#organization\"},\"articleSection\":\"Articles\",\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/bitcoinsv.io\/#\/schema\/person\/46cc398cafa91a6e758e1ace1e5b7647\",\"name\":\"Bitcoin SV\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/bitcoinsv.io\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/902148ec68a31e962b4d188ef1a2ddd3?s=96&d=mm&r=g\",\"caption\":\"Bitcoin SV\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","pll_sync_post":[],"_links":{"self":[{"href":"https:\/\/bitcoinsv.io\/wp-json\/wp\/v2\/posts\/2593"}],"collection":[{"href":"https:\/\/bitcoinsv.io\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitcoinsv.io\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitcoinsv.io\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/bitcoinsv.io\/wp-json\/wp\/v2\/comments?post=2593"}],"version-history":[{"count":2,"href":"https:\/\/bitcoinsv.io\/wp-json\/wp\/v2\/posts\/2593\/revisions"}],"predecessor-version":[{"id":4235,"href":"https:\/\/bitcoinsv.io\/wp-json\/wp\/v2\/posts\/2593\/revisions\/4235"}],"wp:attachment":[{"href":"https:\/\/bitcoinsv.io\/wp-json\/wp\/v2\/media?parent=2593"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitcoinsv.io\/wp-json\/wp\/v2\/categories?post=2593"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitcoinsv.io\/wp-json\/wp\/v2\/tags?post=2593"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}