Friday, November 15, 2024
HomeEthereumSafety Alert –

Safety Alert – [Previous security patch can lead to invalid state root on Go clients with a specific transaction sequence – Fixed. Please update.]


 

Abstract: Implementation bug within the go consumer could result in invalid state

Affected consumer variations: Newest (unpatched) variations of Go consumer; v1.1.2, v1.0.4 tags and develop, grasp branches earlier than September 9.

Probability: Low

Severity: Excessive

Influence: Excessive

Particulars: Go ethereum consumer doesn’t appropriately restore state of execution surroundings when a transaction goes out-of-gas if – throughout the identical block – a contract was suicided. This could lead to an invalid copy operation of the state object; flagging the contract as not deleted. This operation would trigger a consensus situation between the opposite implementations.

 

Results on anticipated chain reorganisation depth: none

Remedial motion taken by Ethereum: Provision of hotfixes as under.

Proposed short-term workaround: Use Python or C++ consumer

 

If utilizing the PPA: sudo apt-get replace then sudo apt-get improve

If utilizing brew: brew replace then brew reinstall ethereum

If utilizing a home windows binary: obtain the up to date binary from https://github.com/ethereum/go-ethereum/releases/tag/v1.1.3

 

Grasp department commit: https://github.com/ethereum/go-ethereum/commit/9ebe787d3afe35902a639bf7c1fd68d1e591622a

 

When you’re constructing from supply: git fetch origin && git checkout origin/grasp adopted by a make geth



Supply hyperlink

RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular

Recent Comments