Gavin Andresen and Jeff Garzik: Mt. Gox is Wrong, Bitcoin isn’t Broken

shutterstock_166883651-1
10 February 2014

Bitcoin core developers Jeff Garzik and Gavin Andresen have responded to Mt. Gox’s claims that there is a flaw in the Bitcoin software.

Mt. Gox issued a statement this morning (GMT), revealing it had suspended bitcoin withdrawals indefinitely due to a previously known technical issue with its custom wallet implementation of the Bitcoin core protocol.

Garzik stressed that Mt. Gox seems to be attempting to shift the blame for its recent failings onto Bitcoin and its developers.

“First and foremost, bitcoin is not broken. There is no fundamental flaw in bitcoin,” said Garzik.

He went on to explain that Mt. Gox’s issue is with a technical detail called transaction malleability, which has been known about since 2011 and even has its own wiki entry.

The Linux kernel engineer highlighted this point in another tweet this afternoon.

Garzik told CoinDesk: “There are certain security practices that sites like Mt. Gox need to follow. Most notably, customer support staff and related software must not assume that transaction IDs are unchangeable, prior to being confirmed in the block chain.

“Confirmation in the block chain is bitcoin’s core security mechanism.”

He said it is unlikely that this issue will cause any emergency updates to be made to the core bitcoin software, but it could lead to some websites, such as Mt. Gox, updating their versions of the software.

Garzik commented that it is difficult to make software that people can use and adjust without making errors.

“Programmers are not immune to missing documented details. And new systems are not immune to rough edges, but we’re always on the lookout for ways to remove the sharp edges that people cut themselves on,” he concluded.

Gavin Andresen, lead developer on The Bitcoin Project, confirmed in a statement on the Bitcoin Foundation’s blog that the core development team has been working to limit transaction malleability.

“There is broad agreement in the community that this needs to be eliminated. Finding the best and most responsible solution will take time. In the meantime, users of the reference implementation do not need to be concerned. Transactions are always tracked properly by the Bitcoin-Qt/bitcoind software,” he explained.

Andresen concluded that the foundation is committed to working with companies within the bitcoin ecosystem to produce best practice documents to help improve the main Bitcoin software.