139: Emergency Hard Fork Successful 🥵

Mar 15-21 2021

Security

• Grin suffered a potentially catastrophic attack attempt at block height 1136081, by exploiting insufficient rangeproof cache verification logic. This was a worst-case scenario that could have resulted in potentially undetectable inflation.

  Fortunately, the attack was detected and mitigated by the community before any significant damage was caused, thanks to Grin++ detecting the issue early, allowing @davidburkett to raise the alarms and help in mitigation.
  
  This led to two patch releases, the latest being v5.0.4 which addresses header sync properly. Please upgrade to the latest version.
  
  While the CVE report is in the process of being published, @joltz provides a comprehensive summary in the relevant forum thread.

Governance

• Formal call for Grin Community Candidates to a lead an additional fund, financed from the General Fund. All interested are encouraged to volunteer by end of March 2021. Current volunteers:

  • anynomous

  • davidtavarez

  • hendi

  • Mac (new!)

  • mcm-mike

• Request for funding: @gene (Adaptor signature atomic swaps GRN-BTC)

• Request for funding: @trevyn April 2021

• #community_fund proposals:

  • A split fund proposal

  • Another split fund proposal

  • An amendment to the Grants model proposal

  • Pay in Grin

• The last governance meeting locked the ledger bounty to @markhollis and discussed community funding.

• The next bi-weekly governance meeting is scheduled for Tue Mar 30 @ 15:00 UTC in grincoin#general on Keybase. You can add topics to the agenda.

Dev

• There are 113 open issues in /grin, and 69 open issues in /grin-wallet.

• Merged PRs: 8 in /grin | 1 in /grin-wallet | 4 contributors

• Tracking issue and more details on the invalid rangeproof bug.

• The next bi-weekly development meeting is scheduled for Tue Mar 23 @ 15:00 UTC in grincoin#general on Keybase. You can add topics to the agenda.

RFCs

Draft

• Early payment proofs [wallet-dev] 

• Safe cancel [wallet-dev]

• Payjoins support [wallet-dev]

Open

• QA Team [core]

Final Comment Period

-

Accepted

-

Closed

-

---

“In da’ Forest Grin“ artwork in this edition is by @LovelyGrin.

This newsletter is curated by Daniel Lehnberg. Any views expressed are personal and do not represent an official position of the Grin project.

Got news or articles you would like to include? Any feedback or other suggestions? drop me a line on daniel.lehnberg-at-protonmail.com or find me on Keybase.