NEWS: V1.1.1 has been released!!

The release of v1.1.1 provides critical security updates previously disclosed to existing EOSIO-based blockchain custodians as well as non-critical security updates.

Description of the Critical Issues

Self-Cancelling Deferred Transactions

Calling¬†cancel_deferred(sender_id)¬†using the¬†sender_id¬†of the currently executing deferred transaction was not properly handled. This has been resolved so that the¬†cancel_deferred¬†call semantics match the expectation that passing invalid or already-retired¬†sender_id¬†is a no-op. The currently executing transaction is considered “retired” WRT these semantics.

Description of the Non-Critical Issues

Stalled Producer Plugin

Promoting producer schedule changes from pending to active requires 2/3+1 confirmations from the currently active producers. There was an edge case when:

  • 2/3 confirmations were present (only 1 more needed) AND
  • The FIRST producer who had the option to provide the last confirmation each round was DOWN or otherwise not producing AND
  • ALL other producers who had the option were either
    • not present in the pending schedule OR
    • had moved to a different position in the list

In this case, the remaining producer nodes who could provide the needed confirmation would calculate the wrong time to wake-up and produce a confirmation.

In extreme cases, this would lead to enough producers abstaining from production, despite being live and ready, to stall the promotion. This issue has been resolved.

BNet Plugin Safety

The BNet plugin exchanges messages with peers to optimize out multiple delivery of a single block. There is now a limited window of retained block IDs for this purpose.

Net Plugin Sanity Checks

The Net plugin has improved sanity checks on incoming block requests.

extended_symbol::operator <

Contracts which compared extended_symbols using the < operator would not take the extended information about hosting contract into account. This change will be reflected in the next release of the WASM SDK.

Mitigations

  • None

We tested on Jungle Testnet and We are done on Mainnet. Thanks to Cryptolion!

For more information, please click the link below:
https://bit.ly/2OGGJlS

Contact/About us

If you are an advanced blockchain user, feel free to use any of those tools that you are comfortable with.

If you like what we do and believe in EOS9CAT, vote for eosninecatbp! Waiting for your support. Have a question, send an email to us or visit our website.

FOLLOW US on Facebook, Telegram, Medium, SteemIt, Github, Meetup E0S9CAT, Reddit, Twitter, and LinkedIn.

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *

Top

Enjoy this blog? Please spread the word :)