Grin suffered a potentially catastrophic attack attempt at block height 1136081 that exploited insufficient rangeproof cache verification logic. This was a worst-case scenario that could have resulted in potentially undetectable inflation.
Fortunately, the community detected and mitigated the attack before any significant damage was caused: Grin++ detected the issue early, which allowed @davidburkett to raise the alarm and help with mitigation.
This led to two patch releases, the latest being v5.0.4 which addresses header sync properly. Please upgrade to the latest version.
While the CVE report is in the process of being published, @joltz provides a comprehensive summary in the relevant forum thread.
Formal call for Grin Community Candidates to lead an additional fund, financed from the General Fund. All interested are encouraged to volunteer by end of March 2021. Current volunteers:
The last governance meeting locked the ledger bounty to @markhollis and discussed community funding.
Tracking issue and more details on the invalid rangeproof bug.
QA Team [core]
Final Comment Period
“In da’ Forest Grin” artwork in this edition is by @LovelyGrin.
This newsletter is curated by Daniel Lehnberg. Any views expressed are personal and do not represent an official position of the Grin project.
Got news or articles you would like to include? Any feedback or other suggestions? Drop me a line at daniel.lehnberg-at-protonmail.com or find me on Keybase.