A bitcoin SV multisig Bug was exploited in one of the scripts for the asset which could result in the potential loss of coins but now there are no investors that lost money so let’s read more in the latest Bitcoin SV news.
The exploit was reported by Blockstream’s co-founder Gregory Maxwell and retweeted by the crypto podcaster Ruben Somsen. The Bitcoin SV multisig bug ended in ripping out the existing multisig and replacing it with a threshold script that was supposed to accept X sigs or more but accepted X or less.
The pay to script hash was deprecated as part of the BSV Genesis upgrade in February 2020 which was then replaced with a new threshold based script that was supposed to accept more than a set number of signatures. As explained by cryptographer Adam Back, the bug maker crated less than or equal instead of a “greater than or equal” number of signatures in the multisig which resulted in the exploit:
“Presume they removed the standard p2sh multisig and replaced with this bugged home-brew multisig due to BSV anti-soft fork posturing, to undo soft-forks.”
Maxwell explained that the results showed that these scripts had no security at all and could just be spent by the script that sets it to zero valid signatures. He added that there are no real funds that were lost and that the flaw was mainly accidental rather than malicious:
“So, of course, zillions of BSV have been taken. Even though there was nothing of value lost here there are probably a few lessons to extract from this.”
He said that there had been a lack of testing and the situation would have been avoided if Bitcoin SV didn’t rip out the competent, time tested, and peer-reviewed mechanisms for multisig by BTC in favor of the far less efficient crypto. Maxwell discovered another potential replay attack vector on bSV back in 201 that could have been executed to steal unsplit funds of BTC users in the chain after the Genesis upgrade. Bitcoin SV prices are unchanged since then and hover at $165 so unlike its more successful siblings, BSV did little in terms of price action in 2020.
Multisig bug in BSV exploited, funds stolen🍿
BSV ripped out the existing multisig (p2sh) and replaced it with a threshold script that was SUPPOSED to accept X sigs or more, but instead accepted X or LESS (including zero)🤦♂️
Full thread by Maxwell (nullc)https://t.co/RMmITsoHj9
— Ruben Somsen 🚵♀️🚵♂️🚵🚳 (@SomsenRuben) November 8, 2020
The bitcoin fork spiked to top $400 as it was reported that Craig Wright received the Tulip Trust keys that could have unlocked a fortune in BTC so it turned out that this was not the case since BSV quickly dumped back to its lethargic levels.
DC Forecasts is a leader in many crypto news categories, striving for the highest journalistic standards and abiding by a strict set of editorial policies. If you are interested to offer your expertise or contribute to our news website, feel free to contact us at [email protected]
Discussion about this post