What Bitcoin Did #35 An Interview with Jake Chervinsky

“I am skeptical about this concept of doing a securities issuance and then trying to escape liability by converting the token you used for that issuance into something else, this is not how liability works. If you violate the securities law you are liable no matter what you do afterwards.”

- Jake Chervinsky

Interview location: Skype

Interview date: Wed 19th September 2018

Company: Kobre & Kim

Role: Associate Lawyer

The growth of cryptocurrencies has increasingly come under the lens of regulators. From Wall Street adoption to raising finance, cryptocurrencies are rubbing shoulders with traditional finance. As regulators work to ensure that cryptocurrencies are following due process, the industry is watching closely.

In this episode I talk to lawyer Jake Chervinsky from Kobre & Kim, a firm that represents cryptocurrency companies, about:

  • The SEC

  • Securities

  • ETFs

  • Bakkt

  • FINRA

  • The Banking Secrecy Act

  • Shapeshift

  • KYC/AML

  • Market manipulation

  • XRP


Powered by WPeMatico

CVE-2018-17144 Full Disclosure

Full disclosure

CVE-2018-17144, a fix for which was released on September 18th in Bitcoin Core versions 0.16.3 and 0.17.0rc4, includes both a Denial of Service component and a critical inflation vulnerability. It was originally reported on September 17th to several developers working on Bitcoin Core, as well as projects supporting other cryptocurrencies, including ABC and Unlimited, as a Denial of Service bug only; however, we quickly determined that the issue was also an inflation vulnerability with the same root cause and fix.

In order to encourage rapid upgrades, the decision was made to immediately patch and disclose the less serious Denial of Service vulnerability, concurrently with reaching out to miners, businesses, and other affected systems, while delaying publication of the full issue to give time for systems to upgrade. On September 20th a post in a public forum reported the full impact, and although it was quickly retracted, the claim was further circulated.

At this time we believe over half of the Bitcoin hashrate has upgraded to patched nodes. We are unaware of any attempts to exploit this vulnerability.

However, it still remains critical that affected users upgrade and apply the latest patches to ensure no possibility of large reorganizations, mining of invalid blocks, or acceptance of invalid transactions occurs.

Technical Details

In Bitcoin Core 0.14, an optimization was added (Bitcoin Core PR #9049) which skipped a costly check during initial pre-relay block validation: the check, added in 2012 (PR #443), that multiple inputs within a single transaction did not spend the same input twice. While the UTXO-updating logic has sufficient knowledge to check that such a condition is not violated, in 0.14 it only did so in a sanity-check assertion and not with full error handling (it did, however, fully handle this case twice prior to 0.8).

Thus, in Bitcoin Core 0.14.X, any attempts to double-spend a transaction output within a single transaction inside of a block will result in an assertion failure and a crash, as was originally reported.

In Bitcoin Core 0.15, as a part of a larger redesign to simplify unspent transaction output tracking and correct a resource exhaustion attack, the assertion was changed subtly. Instead of asserting that the output being marked spent was previously unspent, it only asserts that it exists.

Thus, in Bitcoin Core 0.15.X, 0.16.0, 0.16.1, and 0.16.2, any attempt to double-spend a transaction output within a single transaction inside of a block, where the output being spent was created in the same block, will trigger the same assertion failure (as exists in the test case which was included in the 0.16.3 patch). However, if the output being double-spent was created in a previous block, an entry will still remain in the CCoin map with the DIRTY flag set and having been marked as spent, resulting in no such assertion. This could allow a miner to inflate the supply of Bitcoin, as they would then be able to claim the value being spent twice.
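The validation gap described above, as an added example that is not Bitcoin Core's code: a simplified C++ model in which `OutPoint`, `Tx`, `UtxoSet` and every function name are hypothetical. It shows the per-transaction duplicate-input check as a real error path, and how a validator that looks up each input independently counts one coin twice when that check is skipped.

```cpp
#include <cstdint>
#include <map>
#include <set>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-ins (not Bitcoin Core types): an outpoint is (txid, index).
using OutPoint = std::pair<std::string, uint32_t>;
using UtxoSet = std::map<OutPoint, int64_t>;  // outpoint -> coin value
// A transaction: the outpoints it spends and the total value it pays out.
struct Tx { std::vector<OutPoint> inputs; int64_t output_value; };

// The per-transaction check: every input must name a distinct outpoint.
bool HasDuplicateInputs(const Tx& tx) {
    std::set<OutPoint> seen;
    for (const OutPoint& in : tx.inputs)
        if (!seen.insert(in).second) return true;  // outpoint listed twice
    return false;
}

// Sums input values by looking each input up independently, so a repeated
// outpoint is counted once per occurrence. Returns -1 on a missing coin.
int64_t NaiveInputValue(const Tx& tx, const UtxoSet& utxos) {
    int64_t total = 0;
    for (const OutPoint& in : tx.inputs) {
        auto it = utxos.find(in);
        if (it == utxos.end()) return -1;
        total += it->second;
    }
    return total;
}

// Validation that rejects duplicates with an error return, not an assertion.
bool ValidateTx(const Tx& tx, const UtxoSet& utxos) {
    if (tx.inputs.empty() || HasDuplicateInputs(tx)) return false;
    const int64_t in_value = NaiveInputValue(tx, utxos);
    return in_value >= 0 && tx.output_value <= in_value;
}

// Constructed sample data: one 50-unit coin created in an earlier block.
UtxoSet SampleUtxos() { UtxoSet u; u[OutPoint("aa", 0)] = 50; return u; }
Tx DoubleSpendTx() { return Tx{{OutPoint("aa", 0), OutPoint("aa", 0)}, 100}; }
Tx HonestTx() { return Tx{{OutPoint("aa", 0)}, 50}; }

int main() {
    const UtxoSet u = SampleUtxos();  // exit 0: double spend rejected, honest tx accepted
    return (!ValidateTx(DoubleSpendTx(), u) && ValidateTx(HonestTx(), u)) ? 0 : 1;
}
```

The naive sum reports 100 units of input for a transaction backed by a single 50-unit coin, which is why the duplicate check has to fail validation outright instead of living only in an assertion.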

Timeline

Timeline for September 17, 2018: (all times UTC)

  • 14:57 anonymous reporter reports crash bug to: Pieter Wuille, Greg Maxwell, Wladimir Van Der Laan of Bitcoin Core, deadalnix of Bitcoin ABC, and sickpig of Bitcoin Unlimited.
  • 15:15 Greg Maxwell shares the original report with Cory Fields, Suhas Daftuar, Alex Morcos and Matt Corallo
  • 17:47 Matt Corallo identifies inflation bug
  • 19:15 Matt Corallo first tries to reach slushpool CEO to have a line of communication open to apply a patch quickly
  • 19:29 Greg Maxwell timestamps the hash of a test-case which demonstrates the inflation vulnerability (a47344b7dceddff6c6cc1c7e97f1588d99e6dba706011b6ccc2e615b88fe4350)
  • 20:15 John Newbery and James O’Beirne are informed of the vulnerability so they can assist in alerting companies to a pending patch for a DoS vulnerability
  • 20:30 Matt Corallo speaks with slushpool CTO and CEO and shares patch with disclosure of the Denial of Service
  • 20:48 slushpool confirmed upgraded
  • 21:08 Alert was sent to Bitcoin ABC that a patch will be posted publicly by 22:00
  • 21:30 (approx) Responded to original reporter with an acknowledgment
  • 21:57 Bitcoin Core PR 14247 published with patch and test demonstrating the Denial of Service bug
  • 21:58 Bitcoin ABC publishes their patch
  • 22:07 Advisory email with link to Bitcoin Core PR and patch goes out to Optech members, among others
  • 23:21 Bitcoin Core version 0.17.0rc4 tagged

September 18, 2018:

  • 00:24 Bitcoin Core version 0.16.3 tagged
  • 20:44 Bitcoin Core release binaries and release announcements were available
  • 21:47 Bitcointalk and reddit have public banners urging people to upgrade

September 19, 2018:

  • 14:06 The mailing list distributes an additional message urging people to upgrade by Pieter Wuille

September 20, 2018:

  • 19:50 A developer by the title earlz independently discovered and reported the vulnerability to the Bitcoin Core security contact email.

CVE-2018-17144 Full Disclosure was originally published by Bitcoin Core at Bitcoin Core on September 20, 2018.


#253 Angela C. Walch: The Case for Treating Developers as Fiduciaries in Public Blockchains

The expectation has become widespread that blockchains will end up underpinning major societal infrastructures. The narrative in the blockchain space is that networks are decentralized and trustless and thus regulation should not apply to networks directly. Legal scholar Angela C. Walch has been questioning terms like decentralization and trustlessness and argues that blockchains shift the need for trust rather than remove it. Her controversial ideas include that key developers of open-source projects should be treated as fiduciaries and held accountable for the consequences of their work.

Angela Walch is a professor of law at St Mary University School of Law and a Research Fellow at the Center for Blockchain at UCL. She is a graduate of Harvard College and Harvard Law School and has been doing academic work on legal issues surrounding public blockchains since 2013.

Topics discussed in this episode:

  • How she became interested in Bitcoin and issues around the narratives of decentralization and trustlessness
  • How her work has been received in the blockchain space
  • The problematic lack of a clear definition of terms like trustless, immutable and decentralized
  • Why blockchains should be looked at as trust-shifting, not trustless
  • The definition and role of fiduciaries in society
  • Why blockchain developers could be considered fiduciaries
  • The practical implications and difficulties of regulating blockchain developers as fiduciaries
  • How the SEC’s stance on blockchains connects with the question of developers being fiduciaries
  • Her personal views on the value and promise of blockchain tech

Sponsors:

  • Toptal: Simplify your hiring process & access the best blockchain talent - Get a $1,000 credit on your first hire
  • Azure: Deploy enterprise-ready consortium blockchain networks that scale in just a few clicks

Watch or listen, Epicenter is available wherever you get your podcasts.

Epicenter is hosted by Brian Fabian Crain, Sébastien Couture & Meher Roy.


Bitcoin Core 0.16.3 Released

Bitcoin Core version 0.16.3 is now available for download with a fix for a denial-of-service vulnerability introduced in
Bitcoin Core 0.14.0 and affecting all subsequent versions through to
0.16.2. We highly recommend users of all affected versions immediately
upgrade to 0.16.3.

Security issue CVE-2018-17144: it was discovered that older versions of Bitcoin Core
will crash if they try to process a block containing a transaction that
attempts to spend the same input twice. Such blocks are invalid, so
they can only be created by a miner willing to sacrifice their allowed
income for creating a block of at least 12.5 BTC (about $80,000 USD as
of this writing). This release eliminates the crash, allowing the
software to quietly reject such invalid blocks.

For a complete list of changes, please see the release notes. If
you have any questions, please stop by our IRC chatroom and we’ll do
our best to help you.

Bitcoin Core 0.16.3 Released was originally published by Bitcoin Core at Bitcoin Core on September 18, 2018.


The Crypto Show With Ryan Taylor, Bob Carroll, Ken Hodler, John? & DJ Scribs

Today we have Ryan Taylor, CEO, and Bob Carroll, CTO, of Dash Core Group. This interview was part of the inaugural Denver Dash meetup and was recorded in front of a live audience. Then come two previously recorded interviews from the Wyohackathon at UW in Wyoming: Ken Hodler and John, part of the KeepKey team, sit down to give us the latest on KeepKey, and Doug Scribner, AKA DJ Scribs, fills us in on the latest with Vault Logic.

Sponsored by: Dash, Stamp.com, Texas Bitcoin Conference, WorldCryptoCon, Anarchapulco

Always use the coupon code: crypto with any of our sponsors for discounts or specials.
