Security alert [Implementation of BLOCKHASH instruction in C++ and Go clients can potentially cause consensus issue – Fixed. Please update.] | Ethereum Foundation Blog


EF Blog

Search







Skip to contentCategories

R&D


 Research & Development

Events


 Events

Org


 Organizational

ESP


 Ecosystem Support Program

ETH.org


 Ethereum.org

Sec


 Security

NxBn


 Next Billion

Protocol


 Protocol Announcements





Languages

Search


Security alert [Implementation of BLOCKHASH instruction in C++ and Go clients can potentially cause consensus issue – Fixed. Please update.]
Posted by Gustav Simonsson on October 22, 2015
Security




Summary: Erroneous implementation of BLOCKHASH can trigger a chain reorganisation leading to consensus problems

Affected configurations: All geth versions up to 1.1.3 and 1.2.2. All eth versions prior to 1.0.0.

Likelihood: Low

Severity: Medium

Impact: Medium

Details: Both C++ (eth) and Go (geth) clients have an erroneous implementation of an edge case in the Ethereum virtual machine, specifically which chain the BLOCKHASH instruction uses for retrieving a block hash. This edge case is very unlikely to happen on a live network as it would only be triggered in certain types of chain reorganisations (a contract executing BLOCKHASH(N - 1) where N is the head of a non-canonical subchain that is not-yet reorganised to become the canonical (best/longest) chain but will be after the block is processed).

pyethereum is unaffected.

Effects on expected chain reorganisation depth: none

Remedial action taken by Ethereum: Provision of hotfixes as below.

Geth:

PPA: sudo apt-get update then sudo apt-get upgrade
Brew: brew update then brew reinstall ethereum

Windows: download the updated binary from https://github.com/ethereum/go-ethereum/releases/tag/v1.2.3

Building from source:

git fetch origin && git checkout origin/master


make geth




Master branch commit: e55594ca0e131d518944e98701fc067735b11152



Eth:

PPA: https://gavofyork.gitbooks.io/turboethereum/content/chapter1.html

Window and Mac OS X:  https://build.ethdev.com/cpp-binaries-data/

Source: https://github.com/ethereum/webthree-umbrella/tree/release

Building from source: https://github.com/ethereum/webthree-umbrella/wiki




Previous post
Next post




Subscribe to Protocol Announcements
Sign up to receive email notifications for protocol-related announcements, such as network upgrades, FAQs or security issues. You can opt-out of these at any time.


Sign up





	
	
	
	



	Ethereum Foundation
•
	Ethereum.org
•
	ESP
•
	Bug Bounty Program
•
	Do-not-Track
•
	Archive


Categories

	Research & Development
•
	Events
•
	Organizational
•
	Ecosystem Support Program
•
	Ethereum.org
•
	Security
•
	Next Billion
•
	Protocol Announcements