Security Warning – (Previous security patch may cause incorrect state root in Go clients with specific transaction order – fixed. Please update.)

summary: Implementation bugs in the Go client may result in incorrect state.

Affected client versions: Latest (unpatched) version v1.1.2 of the Go client, tagged and developed with v1.0.4, master branch before September 9th.

Likelihood: low

Severity: High

Impact: High

Details: The Go Ethereum client does not correctly restore the state of the execution environment when a transaction runs out of gas if a contract is aborted within the same block. This results in an incorrect copy operation of the state object. Show the contract as not deleted. This causes consensus issues between different implementations.

Impact on expected chain reorganization depth: doesn’t exist

Improvement measures taken by Ethereum: Hotfix is ​​provided as below.

Suggested workaround: Using Python or C++ clients

If you’re using a PPA: sudo apt-get update Then sudo apt-get upgrade

If you use brewing: Brewing Updates Then Reinstall Brewing Ethereum

If you’re using Windows binaries: Download the updated binaries from: https://github.com/ethereum/go-ethereum/releases/tag/v1.1.3

Master branch commit: https://github.com/ethereum/go-ethereum/commit/9ebe787d3afe35902a639bf7c1fd68d1e591622a

If building from source: git import source && git checkout source/master Then make a geth