Blockchain security firm Halborn recently examined the Dogecoin open-source codebase and discovered critical vulnerabilities in Dogecoin Core 1.14.5 and older software. The vulnerabilities were also found to affect over 280 other instances of blockchain software derived from Bitcoin, including Litecoin and Zcash, putting over $25 billion in digital assets at risk.
According to the security disclosure, Halborn was hired by Dogecoin in March 2022 to conduct a security assessment and identify any bugs that could compromise the blockchain’s security. During the assessment, Halborn researchers discovered several security vulnerabilities in the open-source code for blockchain networks like Dogecoin and Litecoin, with the most critical vulnerability found in peer-to-peer (P2P) communications.
The “Rab13s” vulnerabilities discovered by Halborn inside the P2P messaging protocols on affected networks could enable an attacker to craft malicious consensus messages, leading individual nodes to shut down and ultimately exposing the network to serious dangers like 51% attacks. Halborn also discovered a zero-day vulnerability exclusive to Dogecoin and an RPC (Remote Procedure Call) remote code execution vulnerability that affected individual miners. Variations of these zero-day vulnerabilities were found on related blockchain networks such as Litecoin and Zcash.
After privately alerting Dogecoin developers of the vulnerabilities, fixes were implemented in the code that was made available in version 1.14.6.
Dogecoin developers urge users to update their nodes to the most recent version in response to this security disclosure.
