Security Warning: The implementation of the BLOCKHASH instruction in the C++ and Go clients may lead to consensus issues (fixed; please update)
Summary: An incorrect implementation of BLOCKHASH can trigger a chain reorganization, leading to consensus issues.
Configurations affected: All geth versions up to 1.1.3 and 1.2.2. All eth versions prior to 1.0.0.
Likelihood: Low
Severity: Medium
Impact: Medium
Details: Both the C++ (eth) and Go (geth) clients incorrectly implemented an edge case of the Ethereum virtual machine, specifically which chain the BLOCKHASH instruction uses to retrieve block hashes. This edge case is highly unlikely to occur on a live network because it is only triggered by certain types of chain reorganization: a contract executing BLOCKHASH(N - 1), where N is the head of a non-canonical subchain that has not yet been reorganized to become the canonical (best/longest) chain, but will be once the block has been processed.
pyethereum is not affected.
Impact on expected chain reorganization depth: None
Remedial action taken by Ethereum: Hotfixes are provided as below.
Geth:
PPA: sudo apt-get update then sudo apt-get upgrade
Brew: After updating, reinstall ethereum.
Windows: Download the updated binary from: https://github.com/ethereum/go-ethereum/releases/tag/v1.2.3
Build from source:
git fetch origin && git checkout origin/master
Eth:
PPA: https://gavofyork.gitbooks.io/turboethereum/content/chapter1.html
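
The edge case described under Details can be reproduced in a simplified model. The Go code below is an added illustration, not code from geth or eth; the Block and Store types, the function names and the fork data are constructed, and it assumes the faulty lookup resolved the block number against the current canonical chain instead of the ancestry of the block being executed.

```go
package main

import "fmt"

// Block is a minimal header (hypothetical model, not a client's own type).
type Block struct {
	Number       uint64
	Hash, Parent string
}

// Store is a constructed model of a node's block database.
type Store struct {
	byHash    map[string]Block  // every known block, on any fork
	canonical map[uint64]string // number -> hash on the current best chain
}

// hashFromCanonical resolves a number against the current canonical chain;
// wrong while executing a block that sits on a not-yet-canonical fork.
func (s *Store) hashFromCanonical(n uint64) string { return s.canonical[n] }

// hashFromAncestry walks parent links from the block being executed, so the
// result does not depend on which fork is canonical at that moment.
func (s *Store) hashFromAncestry(cur Block, n uint64) string {
	for h := cur.Parent; h != ""; {
		b, ok := s.byHash[h]
		if !ok || b.Number < n {
			return ""
		}
		if b.Number == n {
			return b.Hash
		}
		h = b.Parent
	}
	return ""
}

// demo builds a constructed fork: canonical g-a1-a2, side chain g-b1-b2-b3.
func demo() (viaCanonical, viaAncestry string) {
	s := &Store{byHash: map[string]Block{}, canonical: map[uint64]string{0: "g", 1: "a1", 2: "a2"}}
	for _, b := range []Block{{0, "g", ""}, {1, "a1", "g"}, {2, "a2", "a1"}, {1, "b1", "g"}, {2, "b2", "b1"}} {
		s.byHash[b.Hash] = b
	}
	b3 := Block{3, "b3", "b2"} // importing b3 makes the b-fork the longest chain
	return s.hashFromCanonical(b3.Number - 1), s.hashFromAncestry(b3, b3.Number-1)
}

func main() {
	c, a := demo()
	fmt.Println("canonical lookup:", c, "| ancestry walk:", a)
}
```

A node that answers BLOCKHASH(N - 1) with a2 while executing b3 computes a different state than a node that answers b2, which is how two otherwise correct nodes end up disagreeing on the same block.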