139: Emergency Hard Fork Successful 🥵

Mar 15-21 2021

Security

  • Grin suffered a potentially catastrophic attack attempt at block height 1136081, by exploiting insufficient rangeproof cache verification logic. This was a worst-case scenario that could have resulted in potentially undetectable inflation.

    Fortunately, the attack was detected and mitigated by the community before any significant damage was caused, thanks to Grin++ detecting the issue early, allowing @davidburkett to raise the alarms and help in mitigation.

    This led to two patch releases, the latest being v5.0.4 which addresses header sync properly. Please upgrade to the latest version.

    While the CVE report is in the process of being published, @joltz provides a comprehensive summary in the relevant forum thread.

Governance

Dev

RFCs

Draft

Open

Final Comment Period

-

Accepted

-

Closed

-

Share


“In da’ Forest Grin“ artwork in this edition is by @LovelyGrin.

This newsletter is curated by Daniel Lehnberg. Any views expressed are personal and do not represent an official position of the Grin project.

Got news or articles you would like to include? Any feedback or other suggestions? drop me a line on daniel.lehnberg-at-protonmail.com or find me on Keybase.