Halborn, a blockchain security company, found critical vulnerabilities in Dogecoin Core 1.14.5 and older software, according to a security disclosure. The vulnerabilities affected an additional 280 instances of blockchain software derived from Bitcoin.
Halborn was hired in March 2022 to examine the Dogecoin open-source codebase for any bugs that would compromise the blockchain's security.
The Halborn researchers discovered several security vulnerabilities in the open-source code for blockchain networks like Dogecoin, Litecoin and numerous others with a similar codebase in their assessment. Peer-to-peer (P2P) communications had the most critical vulnerability, according to its report.
Vulnerabilities affect 280 blockchains
Halborn found that over 280 other networks, including Litecoin and Zcash, were affected by the "Rab13s" vulnerabilities that were discovered inside the p2p messaging protocols on affected networks, putting over $25 billion in digital assets in danger.
With this bug, an attacker can craft malicious consensus messages to send to individual nodes, leading them to shut down and ultimately exposing the network to serious dangers like 51% attacks.
Halborn discovered a zero-day that was exclusive to Dogecoin and an RPC (Remote Procedure Call) remote code execution vulnerability that affected individual miners. Also, variations of these zero-day vulnerabilities were found on related blockchain networks, such as Litecoin and Zcash.
Today, a security disclosure for Dogecoin Core was published by @HalbornSecurity. The vulnerabilities were fixed in version 1.14.6, last year.
— Your Friend (@patricklodder) March 13, 2023
Node operators are recommended to upgrade to 1.14.6 if they haven't done so already.https://t.co/DCXBatgmRM
Halborn privately alerted Dogecoin developers of the vulnerabilities, and these were confirmed to be fixed in the code that was made available in version 1.14.6.
In response to this security disclosure, Dogecoin developers urge users to update their nodes to the most recent version, 1.14.6.
In positive news, the first Braille Doge Wallet generator in the world has been released, marking a historic milestone.