The Bitcoin network is currently facing a discreet but serious threat. About 13% of the nodes that maintain and secure the blockchain are vulnerable to a critical flaw that could cause them to crash. This vulnerability, identified in May 2023, persists in several nodes that have not yet been updated with the latest version of the Bitcoin Core software. While Bitcoin’s security is often praised for
A critical vulnerability unpatched in 13% of Bitcoin nodes
In May 2023, the developers of Bitcoin discovered a major vulnerability in the Bitcoin Core software. The bug, named CVE-2024-35202, affects nodes running versions prior to 25.0. More than 13.7% of active nodes in the network have not yet installed this critical update, leaving a significant portion of the network at risk of failure. According to the developers, the flaw lies in the compact block system, a system designed to optimize data processing by reducing the size of transactions sent to nodes. Such a bug can lead to the collapse of individual nodes, thus compromising the network’s stability. "Affected nodes may be forced into an invalid state, causing a complete shutdown," the developers explain in an official report. Although the bug is fixed in version 25.0, the fact that Bitcoin Core does not offer automatic updates leaves many node operators. The update requires manual intervention, which seems to be a hurdle for many of them.
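An added example, not from the article or the Bitcoin Core project: a Python audit of an operator's own nodes against the 25.0 threshold stated above, using the `version` and `subversion` fields returned by Bitcoin Core's `getnetworkinfo` RPC. The node names and JSON samples are constructed, and the helper names are hypothetical.

```python
import json
import re

FIXED_VERSION = 250000  # Bitcoin Core 25.0 as an integer client version

# Constructed sample: trimmed getnetworkinfo output from four hypothetical nodes.
SAMPLE_FLEET = {
    "node-a": '{"version": 240001, "subversion": "/Satoshi:24.0.1/"}',
    "node-b": '{"version": 250000, "subversion": "/Satoshi:25.0.0/"}',
    "node-c": '{"subversion": "/Satoshi:0.21.1/"}',  # numeric field missing
    "node-d": '{"subversion": "/btcd:0.23.3/"}',     # not Bitcoin Core
}

SUBVER_RE = re.compile(r"^/Satoshi:(\d+)\.(\d+)(?:\.(\d+))?")


def numeric_version(info):
    """Return the integer client version, or None if it cannot be determined."""
    if isinstance(info.get("version"), int):
        return info["version"]
    m = SUBVER_RE.match(info.get("subversion", ""))
    if not m:
        return None  # user agent is not in Bitcoin Core's /Satoshi:x.y.z/ form
    major, minor, patch = (int(g or 0) for g in m.groups())
    if major == 0:  # pre-22.0 naming: 0.21.1 is encoded as 210100
        return minor * 10000 + patch * 100
    return major * 10000 + minor * 100 + patch


def classify(raw_json):
    """Map one node's getnetworkinfo JSON to ok / needs-update / unknown."""
    try:
        info = json.loads(raw_json)
    except json.JSONDecodeError:
        return "unknown"
    if not isinstance(info, dict):
        return "unknown"
    version = numeric_version(info)
    if version is None:
        return "unknown"  # cannot judge from this output; check by hand
    return "needs-update" if version < FIXED_VERSION else "ok"


def audit(fleet):
    return {name: classify(raw) for name, raw in fleet.items()}


if __name__ == "__main__":
    for name, status in audit(SAMPLE_FLEET).items():
        print(f"{name}: {status}")
```

Nodes reported as `unknown` are not cleared by this check; the article's threshold applies to Bitcoin Core releases only.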
Why are so many nodes not updated?
The lack of automatic updates in the Core software raises questions about the management and node security of a critical network like Bitcoin. Indeed, each node operator is responsible for maintaining and updating its a choice linked to the decentralized philosophy of Bitcoin. However, this manual management is currently the source of vulnerability for nodes that have not yet integrated the latest. "Bitcoin Core does not force users to update their software, leaving some nodes functional with outdated vulnerabilities," the developers point out. How then can we ensure the security of the network while respecting its founding principle of decentralization?
Among the reasons some operators delay updating their nodes, the most frequent are distrust of new versions and a lack of the technical knowledge needed to understand the importance of these updates.