Bitcoin core developers Jeff Garzik and Gavin Andresen have responded to Mt. Gox’s claims that there is a flaw in the Bitcoin software.
Mt. Gox issued a statement this morning (GMT), revealing it had suspended bitcoin withdrawals indefinitely due to a previously known technical issue with its custom wallet implementation of the Bitcoin core protocol.
Garzik stressed that Mt. Gox seems to be attempting to shift the blame for its recent failings onto Bitcoin and its developers.
“First and foremost, bitcoin is not broken. There is no fundamental flaw in bitcoin,” said Garzik.
The #bitcoin protocol and network are just fine today. Let’s not over-react about a technical issue in one custom implementation.
— Jeff Garzik (@jgarzik) February 10, 2014
He went on to explain that Mt. Gox’s issue is with a technical detail called transaction malleability, which has been known about since 2011 and even has its own wiki entry.
The Linux kernel engineer highlighted this point in another tweet this afternoon.
#bitcoin transaction malleability wiki page, https://t.co/ggc76lkyTG Remember kids: zero-confirmation transactions are not secure. — Jeff Garzik (@jgarzik) February 10, 2014
Garzik told CoinDesk: “There are certain security practices that sites like Mt. Gox need to follow. Most notably, customer support staff and related software must not assume that transaction IDs are unchangeable, prior to being confirmed in the block chain.
“Confirmation in the block chain is bitcoin’s core security mechanism.”
He said it is unlikely that this issue will cause any emergency updates to be made to the core bitcoin software, but it could lead to some websites, such as Mt. Gox, updating their versions of the software.
Garzik commented that it is difficult to make software that people can use and adjust without making errors.
“Programmers are not immune to missing documented details. And new systems are not immune to rough edges, but we’re always on the lookout for ways to remove the sharp edges that people cut themselves on,” he concluded.
Bitcoin Foundation: Contrary to Mt. Gox’s Statement, Bitcoin is not at fault https://t.co/8vDLCnrqG5 #btcf via @jonmatonis
— Bitcoin Foundation (@BTCFoundation) February 10, 2014
Gavin Andresen, lead developer on The Bitcoin Project, confirmed in a statement on the Bitcoin Foundation’s blog that the core development team has been working to limit transaction malleability.
“There is broad agreement in the community that this needs to be eliminated. Finding the best and most responsible solution will take time. In the meantime, users of the reference implementation do not need to be concerned. Transactions are always tracked properly by the Bitcoin-Qt/bitcoind software,” he explained.
Andresen concluded that the foundation is committed to working with companies within the bitcoin ecosystem to produce best practice documents to help improve the main Bitcoin software.