Accounting for the Bitcoin Bug
What Happened
CVE-2018–17144
This is the name of the bug that was filed with the National Vulnerability database early last month. Unnervingly, this bug had already been floating around the Bitcoin Core github for 2 years or so.
This issue was logged on September 17, 2018. Medium author, Awemany, came forward claiming to be the originator of the bug in a tense post. (The Bitcoin Core recounting of the situation denotes, however, that the user was anonymous.) In his Medium post, he claims this bug to be “…the most catastrophic bug in recent years…”
The issue encountered was with validating transactions coming in from the mempool. The bug essentially allowed for a double spend to occur, one of the most cited issues that blockchains are supposed to solve. In the Bitcoin testnet, the bug was replicated with 0.1 Bitcoin.
An uproar in the community ensued. According to Emin Gün Sirer of Cornell University, the whole network could have been brought down by less than $80,000. How did no one find it before? Why was it not dealt with shortly after the initial Github bug was filed two years ago? Did Bitcoin Core devs handle the issue appropriately? Calls for the beefing up of the Bitcoin open source community and expanding capacity for code reviews was a prominent theme of conversation. The notion of what else could still be lurking in the Bitcoin Core code is still floating in the mindset of many.
This will likely not be the last time that a bug like this is surfaced. The community was lucky this time that is was not exploited. Litecoin and Bitcoin Cash clients were rapidly updated after Bitcoin Core released the narrative.
Accounting Murkiness
There are unsurprisingly no clear rules for how these kinds of inflationary bugs should accounted for in the United States. Should it be marked as an asset with the same value as the rest of the market for that currency is? If the Bitcoin Core team rolls back any transactions with inflationary Bitcoin, is it considered an asset write-off?
We at VeriLedger are actively participating in thought leadership efforts to push for regulatory authorities to provide better guidance as to how to treat these kinds of issues that are unique to the cryptocurrency space. If you are interested in joining us, please contact us here.
