Security Alert – [Previous security patch can lead to invalid state root on Go clients with a specific transaction sequence – Fixed. Please update.] | Ethereum Foundation Blog EF Blog Search Skip to contentCategories R&D Research & Development Events Events Org Organizational ESP Ecosystem Support Program ETH.org Ethereum.org Sec Security NxBn Next Billion Protocol Protocol Announcements Languages Search Security Alert – [Previous security patch can lead to invalid state root on Go clients with a specific transaction sequence – Fixed. Please update.] Posted by Jutta Steiner on September 10, 2015 Security   Summary: Implementation bug in the go client may lead to invalid state Affected client versions: Latest (unpatched) versions of Go client; v1.1.2, v1.0.4 tags and develop, master branches before September 9. Likelihood: Low Severity: High Impact: High Details: Go ethereum client does not correctly restore state of execution environment when a transaction goes out-of-gas if - within the same block - a contract was suicided. This would result in an invalid copy operation of the state object; flagging the contract as not deleted. This operation would cause a consensus issue between the other implementations.   Effects on expected chain reorganisation depth: none Remedial action taken by Ethereum: Provision of hotfixes as below. Proposed temporary workaround: Use Python or C++ client   If using the PPA: sudo apt-get update then sudo apt-get upgrade If using brew: brew update then brew reinstall ethereum If using a windows binary: download the updated binary from https://github.com/ethereum/go-ethereum/releases/tag/v1.1.3   Master branch commit: https://github.com/ethereum/go-ethereum/commit/9ebe787d3afe35902a639bf7c1fd68d1e591622a   If you’re building from source: git fetch origin && git checkout origin/master followed by a make geth Previous post Next post Subscribe to Protocol Announcements Sign up to receive email notifications for protocol-related announcements, such as network upgrades, FAQs or security issues. You can opt-out of these at any time. Sign up Ethereum Foundation • Ethereum.org • ESP • Bug Bounty Program • Do-not-Track • Archive Categories Research & Development • Events • Organizational • Ecosystem Support Program • Ethereum.org • Security • Next Billion • Protocol Announcements