Research: 60% of All Bitcoin Full-Nodes Are Still Vulnerable to Inflation Bug
According to bitcoin (BTC) node stats reported on the website of bitcoin core developer Luke Dashjr, 60.22% of the coin’s full-nodes are running software still vulnerable to the inflation bug at press time.
According to the reported data, the software running on 60,101 bitcoin full-nodes is vulnerable to the CVE-2018-17144 bug. As Cointelegraph reported at the end of September last year, the bug allows malicious miners to artificially inflate bitcoin’s supply via a simple type of double input.
According to a Cointelegraph analysis, at the time — likely because of the possible catastrophic consequences of the presence of the bug — the developers decided to keep it a secret and only revealed that the bug made the network vulnerable to Distributed Denial of Service attacks. The developers disclosed the full danger of the vulnerability at a later time, after it had been already fixed.
The stats on Dashjr’s website also claim that there are 99,638 bitcoin full-nodes currently running at press time, a number about ten times higher than reported by most bitcoin analytics platforms. For instance, BitNodes claims that there are now 9,515 bitcoin full nodes, while CoinDance reports that there are only 9,391 nodes running at press time.
Technology news outlet The Next Web cited Dashjr as previously explaining that this discrepancy is actually due to the fact that most such platforms only include listening full-nodes. Still, according to the report, whether a node is “listening” or not is a mostly-irrelevant technical detail.
A consequence of a node “listening” is that it is more visible and easier to find, according to The Next Web. Dashjr reportedly explained that “economic nodes — those handling transactions — can be both listening and not,” and concluded:
“Frankly, looking at just listening nodes isn’t a very useful metric — non-listening nodes are just as relevant.”
Dashjr’s chart of bitcoin nodes is based on four weeks of data and is updated hourly.
At the beginning of February, EOS.io, the company responsible for the development of fourth-largest crypto by market cap eos, had already handed over bug bounties for five critical vulnerabilities this year.