Security Warning – (Previous security patch may cause incorrect state root in Go clients with specific transaction order – fixed. Please update.)
summary: Implementation bugs in the Go client may result in incorrect state.
Affected client versions: Latest (unpatched) version v1.1.2 of the Go client, tagged and developed with v1.0.4, master branch before September 9th.
Likelihood: low
Severity: High
Impact: High
Details: The Go Ethereum client does not correctly restore the state of the execution environment when a transaction runs out of gas if a contract is aborted within the same block. This results in an incorrect copy operation of the state object. Show the contract as not deleted. This causes consensus issues between different implementations.
Impact on expected chain reorganization depth: doesn’t exist
Improvement measures taken by Ethereum: Hotfix is provided as below.
Suggested workaround: Using Python or C++ clients
If you’re using a PPA: sudo apt-get update Then sudo apt-get upgrade
If you use brewing: Brewing Updates Then Reinstall Brewing Ethereum
If you’re using Windows binaries: Download the updated binaries from: https://github.com/ethereum/go-ethereum/releases/tag/v1.1.3
Master branch commit: https://github.com/ethereum/go-ethereum/commit/9ebe787d3afe35902a639bf7c1fd68d1e591622a
If building from source: git import source && git checkout source/master Then make a geth