A bug has been discovered in some bitcoin transactions.
It is not a dangerous bug, but it affects 2% of bitcoin transactions and increases the risk of a hypothetical form of attack with which some miners could steal bitcoins from other miners.
The discovery was made by the German freelance Bitcoin developer 0xB10C, who documented it in a post on his blog.
Simply put, some bitcoin wallets create faulty transactions that are meant to execute in the future. These transactions should not be transmitted through the Bitcoin network, but this happens all the time.
0xB10C discovered over a million of these incorrect timelocked transactions between September 2019 and March 2020, representing 10% of all timelocked transactions.
The German developer is part of a global network of researchers who test the bitcoin network for problems or risks, even theoretical, previously unknown ones.
A timelocked transaction prevents the recipients from using the BTC immediately: they have to wait for a certain number of future blocks.
The defective timelocked transactions discovered by 0xB10C were set for the current block, i.e. without delay, and can be used for fee-sniping.
Fee-sniping can allow a malicious miner to replace a block that someone else has just mined with their own, containing the same transactions plus others that are still pending. The timelock serves to prevent them from including the latter, making the attack inconvenient.
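The height rule behind the timelock and fee-sniping paragraphs above, as an added Python example (not code from 0xB10C's post or from any wallet): under Bitcoin's finality rule, a height-based nLockTime lets a transaction into a block only when nLockTime is lower than that block's height, unless every input's nSequence is 0xffffffff. The sample transaction, the tip height and all function names are constructed for illustration, and time-based locktimes are not handled.

```python
import struct

LOCKTIME_THRESHOLD = 500_000_000  # below: block height; at or above: Unix time
SEQUENCE_FINAL = 0xFFFFFFFF       # if every input uses this, nLockTime is ignored

def read_varint(buf, pos):
    """Decode a CompactSize integer; return (value, next position)."""
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    size = {0xFD: 2, 0xFE: 4, 0xFF: 8}[first]
    return int.from_bytes(buf[pos + 1:pos + 1 + size], "little"), pos + 1 + size

def locktime_fields(raw):
    """Return (nLockTime, [nSequence of each input]) of a serialized transaction."""
    pos = 4                                  # skip nVersion
    if raw[pos] == 0 and raw[pos + 1] == 1:  # segwit marker and flag
        pos += 2
    n_inputs, pos = read_varint(raw, pos)
    sequences = []
    for _ in range(n_inputs):
        pos += 36                            # previous txid and output index
        script_len, pos = read_varint(raw, pos)
        pos += script_len                    # scriptSig
        sequences.append(int.from_bytes(raw[pos:pos + 4], "little"))
        pos += 4
    return int.from_bytes(raw[-4:], "little"), sequences  # nLockTime is the last field

def can_include(locktime, sequences, block_height):
    """Finality rule for height-based locks: may a block at block_height hold the tx?"""
    if locktime == 0 or all(s == SEQUENCE_FINAL for s in sequences):
        return True
    if locktime >= LOCKTIME_THRESHOLD:
        raise ValueError("time-based nLockTime is outside this example")
    return locktime < block_height

def snipe_exposure(raw, tip_height):
    """(fits a replacement of the tip block, fits the next block) for one transaction."""
    locktime, sequences = locktime_fields(raw)
    return (can_include(locktime, sequences, tip_height),
            can_include(locktime, sequences, tip_height + 1))

def sample_tx(locktime, sequence):
    """Constructed one-input, one-output transaction with dummy outpoint and scripts."""
    txin = bytes(32) + struct.pack("<I", 0) + b"\x00" + struct.pack("<I", sequence)
    txout = struct.pack("<q", 50_000) + b"\x01\x51"
    return struct.pack("<i", 2) + b"\x01" + txin + b"\x01" + txout + struct.pack("<I", locktime)

if __name__ == "__main__":
    TIP = 620_000  # constructed chain tip height
    for lock in (TIP - 10, TIP, TIP + 1):
        print(lock, snipe_exposure(sample_tx(lock, 0xFFFFFFFE), TIP))
```

A lock equal to the tip height gives `(False, True)`: the transaction can be mined in the next block but cannot be pulled into a re-mined copy of the tip block.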
The fact is that fees could become an increasingly important source of profit for miners in the future, increasing the risks associated with these faulty timelock transactions.
So although the bug is not really dangerous at the moment, it could become dangerous in the future.
0xB10C has also discovered that many of these defective transactions were carried out by a single, large entity that he preferred not to reveal.
However, he said that he contacted the entity and received a response that they will look for a solution, although it may take some time.
0xB10C points out that a possible solution has been known since early 2020, but it will still take some time before all instances of the software subject to the bug are updated.