Grin experienced a network level attack during the night of Nov 7-8, where an entity acquired enough hash power to perform reorg attacks.
@mcmmike and @deev authored an incident report that gives further details.
The community discussed and solidified its stance regarding 51% attacks back in July when we were warned about the risk when another project was attacked. The position was and remains that Grin would rather suffer a 51% attack than adopt an unsound longest chain rule.
It’s not unreasonable to expect further attacks to follow. As for any proof of work mined coin, before accepting a large amount transaction as valid, you should wait for a high number of confirmations.
On this basis, @energyburn proposes a mitigation with Dynamic TX confirmation times in the wallet.
Shout out to @joltz, @quentinlesceller, @deev, and @mcmmike who were working through the weekend researching and analysing the incident.
Scope for v5.0.0 has been frozen, with betas targeted for Nov 24 2020. Follow along on the progress:
Progress update from Grin++ mobile wallet developer @davidtavarez.
Last governance meeting discussed Council accountability and HTTPs deprecation.
Parallel IBD p2p messages [node-dev]
Eliminating finalize step [wallet-dev]
Early payment proofs [wallet-dev]
Safe cancel [wallet-dev]
Payjoins support [wallet-dev]
QA Team [core]
Final Comment Period
Deprecate HTTP(S) Transactions [wallet-dev], with disposition to merge by October 28
“Find Grin” artwork in this edition is by @LovelyGrin.
This newsletter is curated by Daniel Lehnberg. Any views expressed are personal and do not represent an official position of the Grin project.
Got news or articles you would like to include? Any feedback or other suggestions? drop me a line on daniel.lehnberg-at-protonmail.com or find me on Keybase.