Bitcoin Has Had 2 Inflation Bugs
During Bitcoins lifetime it has had 2 inflation bugs where anybody could mint as many coins as they wanted. The first time someone actually abused the bug and minted coins which resulted in the network forking into a version were those coins didn't exist. The second inflation bug was found by a Bitcoin Cash developer who responsibly disclosed the bug.
If you could mint Bitcoin out of thin air would you?
Pictured below is block #74638 the block where the 184-Billion BTC were minted and sent to two addresses. This exploit was quickly noticed by Jeff Garzik one of the initial developers of Bitcoin who then posted on the Bitcoin talk forums about the occurrence. The chain was rolled back within 5 hours of this bug being found.
CVE-2010-5139 was caused by a Integer overflow in wxBitcoin and bitcoind versions 0.3.11 & before which allowed remote attackers to bypass intended economic restrictions and create bitcoins via a crafted Bitcoin transaction.
"This was possible because the code used for checking transactions before including them in a block didn't account for the case of outputs so large that they overflowed when summed. The bad transaction no longer exists for people using the longest chain. Therefore, the bitcoins created by it do not exist either. While the transaction does not exist anymore, the 0.5 BTC that was consumed by it does. It appears to have come from a faucet and has not been used since."
The Fix for CVE-2010-5139 can be seen below
The second inflation bug in bitcoin know as CVE-2018-17144 was actually a 2 part bug that included a DoS vulnerability but also an inflation vulnerability where you could double spend coins. This was found by Bitcoin Cash developer Awemany.
As you can see below the cause & fix for this vulnerability was in line 3035 where the !CheckTransaction function state was set to false instead of true an automated test was also added to test the scenario of the block with duplicate coin (“input”) spend.
This bug was introduced to bitcoin in Bitcoin Core 0.15.0 which was released on Sep 14, 2017 and was found & patched on Sep 17, 2018, over a year later.
Here is some more documentation about these bugs.
https://www.whitehacklabs.com/cve-2018-17144-bitcoin-that-was-close/
https://bitcoindev.network/looking-back-on-exploiting-cve-2018-17144/