Proofgold 0.1.9 (important bug fix)

by BlakeKeiller, Saturday, September 26, 2020, 15:10 (435 days ago)

I've just released 0.1.9:

https://proofgold.org/proofgold-0.1.9.tgz

Updating is necessary for all nodes. There was a bug that caused nodes to get stuck if an ltc tx looked close enough to being a Proofgold burn tx, but wasn't. Someone made such a ltc tx and it seems like every node stopped syncing with ltc at that point and so stopped staking. (There haven't been new blocks in about a day because of this.)

The "decoy" ltc tx is 5066e9832e53ae8b0b02f8d21b24cb481113dfc4af637ff18e52e1c2a5a55207. All Proofgold burn txs have an id that starts with 5066. This happens by design, but one out of every other 64K ltc txs also have this property by accident. Normally that's not a problem. In this case, however, not only the id matched, but much of the rest of it did: the first txout is an OP_RETURN with a number of pushed bytes in the right range so that it one can extract the alleged previous ltc burn txid and new Proofgold block id. In this case, however, the "previous ltc burn txid" was not really an ltc txid, causing a case that wasn't handled gracefully.

It seems unlikely that such a ltc tx could have been made by accident, so this probably qualifies as the first attack on Proofgold. The network needs to be immune to attacks like this, so it's better for them to happen early. (To be fair, it could be the result of innocent experimentation with changing Proofgold's code.)