| submitted by /u/rnvk
Especially nodes running versions between 0.15 and 16.2 need to upgrade as soon as possible. A bug could be exploited to create an invalid block that gets nonetheless validated by these older versions. This makes a chainsplit a theoretical possibility.
A full resync with the latest software (0.16.3) showed that the bug has not yet been exploited. It probably won't happen as it isn't in the interest of the ecosystem, nor is it easy to excecute. But that's no excuse. Upgrade asap!
More info in the sticky: https://www.reddit.com/r/Bitcoin/comments/9hkoo6/new_info_escalates_importance_upgrading_to_0163/
0.16.3 was announced a few days ago, but if you're running a node and haven't already updated, then you really must do so as soon as possible. The bug fixed in 0.16.3 is more severe than was previously made public. You can download 0.16.3 from bitcoin.org or bitcoincore.org or via BitTorrent, and as always, make sure that you verify the download.
If you only occasionally run Bitcoin Core, then it's not necessary to run out and upgrade it right this second. However, you should upgrade it before you next run it.
Stored funds are not at risk, and never were at risk. Even if the bug had been exploited to its full extent, the theoretical damage to stored funds would have been rolled back, exactly as it was in the value overflow incident. However, there is currently a small risk of a chainsplit. In a chainsplit, transactions could be reversed long after they are fully confirmed. Therefore, for the next week or so you should consider there to be a small possibility of any transaction with less than 200 confirmations being reversed.
Summary of action items:
- You should not run any version of Bitcoin Core other than 0.16.3. Older versions should not exist on the network. If you know anyone who is running an older version, tell them to upgrade it ASAP.
- That said, it's not necessary to immediately upgrade older versions if they are currently shut down. Cold-storage wallets are safe.
- For the next ~week, consider transactions with fewer than 200 confirmations to have a low probability of being reversed (whereas usually there would be essentially zero probability of them being reversed).
- Watch for further news. If a chainsplit happens, action may be required.
These are the tutorials I used:
Needed to change the RaspiBlitz script to install the Bitcoin Core 0.16.3 instead of the now unavailable 17.0-RC3.
For the HDD I used this X820 expnsion board http://www.raspberrypiwiki.com/index.php/X820.
This way only one power source is needed and will be nice and compact once housed without the LCD on.
If you are currently running Bitcoin Core, then you should upgrade to 0.16.3 as soon as possible. You can download it from bitcoin.org or bitcoincore.org or via BitTorrent, and as always, make sure that you verify the download.
If you only occasionally run Bitcoin Core, then it is less urgent, though it would be best to upgrade as soon as convenient.
A bug was found which allows anyone capable of mining a sufficient-PoW block to crash Bitcoin Core nodes running versions 0.14.0 to 0.16.2. Stored funds are not at risk.
Bitcoin Core derivatives such as Knots are also affected and have their own updates.
Release announcement: https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-0.16.3.md