VALUE OVERFLOW

Guest Written by Daniel Sempere Pico

Bitcoin was a thing of beauty when Satoshi unveiled it to the world in late 2008 but it wasn’t an immaculate conception. There were bugs and glitches that had to occasionally be ironed out, and within 24 hours of its release, ultra-early adopters such as Hal Finney were helping Satoshi patch the Bitcoin codebase.

Most of the bugs that emerged in Bitcoin’s first 18 months of existence were either non-critical or were not exploited because network users were too few and economic incentives too low to take advantage of them. But that wasn’t the case on August 15th, 2010 when Bitcoin was impacted by an event that’s come to be known as the Value Overflow Incident.

As every Bitcoiner knows, the network’s supply is capped at 21 million coins. So how was an unknown attacker able to create 8,784 times more BTC than should ever exist in one fell swoop? The root of the exploit lay in an integer overflow bug in Bitcoin’s transaction verification logic. Early Bitcoin versions tracked money amounts in a 64-bit integer but the code didn’t properly handle exceedingly large transaction outputs, allowing the sum of outputs in a transaction to wrap around the maximum value representable by the integer.

In simpler terms, this meant that if you tried to create outputs so large that adding them together “overflowed” the number range, Bitcoin’s software miscomputed the total. The result was that a transaction could appear balanced (inputs equal outputs) when in reality it created an enormous amount of new BTC out of nothing.

Normally, Bitcoin nodes should reject any transaction that creates new coins beyond the input amounts – and certainly above the 21 million BTC cap. But due to the missing check, the malicious transaction slipped through validation and was accepted into a block. It was a major flaw that had hitherto gone undetected and now threatened to torpedo the network just as it was starting to see serious action.

Houston We Have a Problem

Once the block containing the 184 billion bitcoins was mined and broadcast, every Bitcoin node running the old software accepted it as valid, adding the phantom coins to their ledger. The implications, if this situation were allowed to run unchecked, were dire since it would mean Bitcoin’s supply limit was meaningless.

Instant hyperinflation and an absolute collapse of trust was a real possibility, adding irony to Satoshi’s words on how “The central bank must be trusted not to debase the currency, but the history of fiat currencies is full of breaches of that trust.”

Two things saved Bitcoin from possibly losing all trust and value in the same day: the speed with which the bug was spotted and the unanimity with which its small developer team agreed to tackle the problem. Developer Jeff Garzik found the glitch and the community was quick to respond, with forum user “lfm” explaining that “a block at height 74638 has exploited a bug...It uses an integer overflow to make a negative total transaction…We need a fix ASAP.”

It was all hands on deck and within an hour of incident detection Satoshi sent a bold warning to the Bitcoin developers mailing list: “We are investigating a problem. DO NOT TRUST ANY TRANSACTIONS THAT HAPPENED AFTER 2010-08-15 17:05 UTC (block 74638) until the issue is resolved.”

It was one thing to identify the bug but quite another to determine how to fix it – and how this would impact subsequent transactions on the Bitcoin network. A handful of developers including Jeff Garzik and the ever reliable Gavin Andresen jumped in and the team rapidly patched the bug. Within six hours of the exploit, Bitcoin version 0.3.10 was released by Satoshi, fixing the overflow incident, and miners rapidly began upgrading their clients.

Within 12 hours of Bitcoin’s codebase being updated, the majority of miners were verifying transactions for the “good” chain that rejected the overflow bug – but there were still plenty of unpatched nodes running the “bad” chain. The good chain quickly overtook the other in length, however, and with Bitcoin’s software designed to favour the longest chain, it was only a matter of time until the poisonous block was dropped from the network altogether.

Everything went better than expected, but for a few feverish hours, it had looked touch and go whether Bitcoin would survive the night. One miner wrote on the forum that he was “chucking as much CPU at this as I can,” even enlisting his wife’s PC to target the “good”chain in an effort to help it catch up.

Not only had the crisis been surmounted, but it inspired the community to come back stronger. In the aftermath, developers implemented additional safety measures including an alert system allowing developers to broadcast critical warnings to all clients. Bitcoin lived to fight another day but it had been a close call.