On Friday, September 21, Bitcoin Core developers published a “full disclosure” of the vulnerability affecting several implementations of the Bitcoin (BTC) client, repeating calls for all nodes to upgrade to the latest version as a priority.
In addition to technical details about the bug, known as CVE-2018-17144, the disclosure explains how developers dealt with the threat to the Bitcoin network, along with a timeline of its discovery and patching in Bitcoin Core version 0.16.3.
“In order to encourage rapid upgrades, the decision was made to immediately patch and disclose the less serious Denial of Service vulnerability, concurrently with reaching out to miners, businesses, and other affected systems while delaying publication of the full issue to give time for systems to upgrade,” the notice reads.
CVE-2018-17144 had spooked the Bitcoin technical community when an anonymous party reported it this week, with Bitcoin.org creator Cobra describing its potential impact as “very scary.”
“At this time we believe over half of the Bitcoin hashrate has upgraded to patched nodes. We are unaware of any attempts to exploit this vulnerability,” the disclosure continues, adding:
“However, it still remains critical that affected users upgrade and apply the latest patches to ensure no possibility of large reorganizations, mining of invalid blocks, or acceptance of invalid transactions occurs.”
The impetus to upgrade immediately appears not to be shared unanimously, with Bitcoin Core developer Luke-jr subsequently claiming that publication of the update was “premature.”
“[In my opinion] this is being disclosed way too prematurely (only 2% of the network has upgraded), but the cat’s out of the bag,” he wrote on Twitter, nonetheless urging followers to upgrade “ASAP!”