Ethereum Blog

Security alert [consensus issue]


Jutta Steiner



This alert is related to a consensus issue that occurred on the Frontier network at block 116,522, mined on 2015-08-20 at 14:59:16+02:00 – Issue has been fixed, see “Fix” below.

Impact: High

Issue description: State database consensus issue in geth with deletion of account data, which could happen during SUICIDE instructions.

Affected implementations: All geth implementations up to and including versions 1.0.1, 1.1.0 and develop (“unstable 1.1.0”) were affected. Eth (C++) and pyethereum (Python) are unaffected.

Effects on expected chain reorganisation depth: Increase waiting time for eventual block confirmation to 12 hours

Proposed temporary workaround: Miners switch to eth or pyethereum asap

Remedial action taken by Ethereum: Provision of fixes as below.

Fix: Note that the consensus issue occurred just before the announcement of the new release 1.1.0. When upgrading, please make sure you upgrade to the version you intended, as you might not want to apply the fix and upgrade from 1.0.1 to 1.1.0 (which has not yet been officially released) at the same time. The fixes below are for version 1.0.2; builds are generated for v1.0.2.

  • Release 1.0.2 including source and binaries can be found here
  • If you are building from source: git pull followed by make geth – please use the master branch commit a0303ff4bdc17fba10baea4ce9ff250e5923efa2
  • If using the PPA: sudo apt-get update then sudo apt-get upgrade
  • We are still working on the brew fix

The correct version for this update on Ubuntu AND OSX is Geth/v1.0.2-a0303f

Note that you are likely to receive the following alert messages, which will resolve themselves after a while once your peers have updated their clients:

I0820 19:00:53.368852    4539 chain_manager.go:776] Bad block #116522 (05bef30ef572270f654746da22639a7a0c97dd97a7050b9e252391996aaeb689)

I0820 19:00:53.368891    4539 chain_manager.go:777] Found known bad hash in chain 05bef30ef572270f654746da22639a7a0c97dd97a7050b9e
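
A way to triage a node against this alert, as an added example (not code from geth or from the Ethereum team): it classifies a client version string using the affected and fixed versions listed above, and scans log lines for the two messages quoted above. The function names, the "unknown" result for versions the alert does not mention, and the third sample log line are assumptions made for the example.

```python
import re

# Values quoted in the alert above.
BAD_BLOCK_NUMBER = 116522
BAD_BLOCK_HASH = "05bef30ef572270f654746da22639a7a0c97dd97a7050b9e252391996aaeb689"
FIXED_VERSION = (1, 0, 2)
# glog-style line: "I0820 19:00:53.368852    4539 chain_manager.go:776] message"
LINE_RE = re.compile(r"^[IWEF]\d{4} [\d:.]+\s+\d+ (?P<src>[\w.]+:\d+)\] (?P<msg>.*)$")
BAD_BLOCK_RE = re.compile(r"Bad block #(?P<num>\d+) \((?P<hash>[0-9a-f]+)\)")
KNOWN_BAD_RE = re.compile(r"Found known bad hash in chain (?P<hash>[0-9a-f]+)")
VERSION_RE = re.compile(r"Geth/v(\d+)\.(\d+)\.(\d+)")

def classify_version(version_string):
    """Assumption: versions the alert does not mention are reported as 'unknown'."""
    m = VERSION_RE.search(version_string)
    if not m:
        return "unknown"
    v = tuple(int(p) for p in m.groups())
    if v == FIXED_VERSION:
        return "patched"
    # 1.1.0 sorts above 1.0.2 but is listed as affected, so ">=" would be wrong.
    if v <= (1, 0, 1) or v == (1, 1, 0):
        return "affected"
    return "unknown"

def scan_log(lines):
    """Return (line_no, source, kind) for lines that refer to the block from this alert."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        bad = BAD_BLOCK_RE.search(m["msg"])
        known = KNOWN_BAD_RE.search(m["msg"])
        # The "known bad hash" line may carry a shortened hash, so compare by prefix.
        if bad and int(bad["num"]) == BAD_BLOCK_NUMBER and bad["hash"] == BAD_BLOCK_HASH:
            hits.append((no, m["src"], "bad_block_rejected"))
        elif known and len(known["hash"]) >= 16 and BAD_BLOCK_HASH.startswith(known["hash"]):
            hits.append((no, m["src"], "known_bad_hash"))
    return hits

# Constructed sample: the two lines quoted in the alert plus one unrelated line.
SAMPLE_LOG = [
    "I0820 19:00:53.368852    4539 chain_manager.go:776] Bad block #116522 (05bef30ef572270f654746da22639a7a0c97dd97a7050b9e252391996aaeb689)",
    "I0820 19:00:53.368891    4539 chain_manager.go:777] Found known bad hash in chain 05bef30ef572270f654746da22639a7a0c97dd97a7050b9e",
    "I0820 19:01:02.000000    4539 downloader.go:254] Synchronisation failed: hash fetching canceled (requested)",
]
if __name__ == "__main__":
    print(classify_version("Geth/v1.0.2-a0303f"), scan_log(SAMPLE_LOG))
```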

Updates:

  • 20/08/15 17:47+02:00 Issue has been identified and fix for geth is underway. Geth(Go)-Miners should upgrade asap once the fixes become available and meanwhile switch to Eth (C++) or Python. Eth (C++) and Python miners are unaffected.
  • 20/08/15 19:38+02:00 Official release of fixes, see above.
  • 20/08/15 21:19+02:00 Note that the consensus issue occurred just before the announcement of the new release 1.0.2. Therefore, please make sure that you get the fix you want, i.e. remain on 1.0.1 or upgrade to 1.0.2. See “Fix” for more details.
  • 21/08/15 11:30+2:00 Since the occurrence of the consensus issue, we’ve been closely monitoring the chain and network. According to network statistics, most miners have upgraded to the patched 1.0.2 or switched to eth. Our expectation concerning the maximum likely chain-reorganization depth is 750 blocks.

  • Ales Katona

    “Geth miners” are people mining purely on geth or anyone mining “through” geth (e.g. geth + ethminer combo)?

    • Anthony Cros

      likely both

    • http://www.ursium.com/ Stephan Tual

      Ethminer combo included. What matters is the client doing the consensus work, in this case, geth.

  • http://techfleece.com/ TheGift73

    This has caused some panic for traders on Poloniex. When is the next update coming?

    Way too much FUD flying around, so an update would be great.

    • http://www.ursium.com/ Stephan Tual

      It’s now fixed.

      • http://techfleece.com/ TheGift73

        Cheers @stephantual:disqus

  • Jason X Bånd

    Is it a protocol issue or an implementation issue?

    • mikehorton

      I’m curious as well.

      • Tjaden Hess

        It’s an implementation issue. It only affects the Geth client and should be fixed shortly.

        • http://www.ursium.com/ Stephan Tual

          Correct

  • Mathieu Baril

    So what do we do if we used the geth+eth combo? We update geth? I lost 1 block and 1 uncle.

    • http://www.ursium.com/ Stephan Tual

      Yup, update Geth as per the instructions from Jutta above.

      • Mathieu Baril

        Done! Thanks for quick update dev team. :)

  • https://plus.google.com/+TiborSzitas Zer0CT

    It was fast and effective, guys (as the alert so the fixes). Well done!

    • oliverkx

      Awesome work Dev Team! Thanks!

  • http://www.ursium.com/ Stephan Tual

    Note, if you are getting:

    I0820 19:00:53.368852 4539 chain_manager.go:776] Bad block #116522 (05bef30ef572270f654746da22639a7a0c97dd97a7050b9e252391996aaeb689)
    I0820 19:00:53.368891 4539 chain_manager.go:777] Found known bad hash in chain 05bef30ef572270f654746da22639a7a0c97dd97a7050b9e

    .. after updating this is NORMAL and will resolve itself once your peers have updated their clients, too.

    • Jbmeth007 .

      Any way to clear peers, and refresh? It’s been hours.

    • Joshua Davis

      Hours later, after running Geth/v1.0.2-92176e53/linux/go1.4.2, guess what? No healthy peers. You can’t seemingly hard code healthy peers into the update for whatever reason, which to me, I don’t care what reason you have, it’s not a good one. The client can’t reach consensus till my peers update and my peers won’t update so I can’t get on the main chain… That doesn’t seem acceptable to me.

  • Bezpol Security

    Good. Thanks a lot.

  • Daniel Schwarz

    I had sent a big sum of Ether to Poloniex before the security announcement and it made 333 confirmations… after that they froze the transaction (pending) and disabled the wallet…. The strange thing is that they changed the confirmations to 204/3000 (instead of 333) and they changed the transaction time stamp for the same transaction with a difference of about 4 hours !!! The original transaction was made at 2015-08-20 14:53:58 and they changed the timestamp for the same transaction to 2015-08-20 18:40:12 (with the confirmation difference). Luckily I have screenshots for what I am describing… has anybody a clue what could happen? Is there a possibility they want to hide something? I am really very frustrated with the situation.

    • Tjaden Hess

      The fork caused the network to reorganize to a depth of about four hours. Poloniex disabled all wallets until they could be sure the problem was fixed. Now that most miners are on the correct branch of the fork, your confirmations should increase and your funds should be available in about 12 hours.

  • http://www.ursium.com/ Stephan Tual

    For those wondering why the change in hash for the 1.0.2 build since we last posted, it was purely a manual version change for the build servers to build.

  • wirelessguy

    Getting error. After getting the new Windows geth: …5310-1.0.2-4591ae5.zip,
    I did:
    geth -rpc --maxpeers “2” or “25” don’t matter.

    Getting error:
    9836 chain_manager.go:777] insufficient ETH for gas (b93e0e8c). Req 106673195494980000, has 0

    9836 downloader.go:254] Synchronisation failed: hash fetching canceled (requested)

    9836 chain_manager.go:660] imported 0 block(s) (0 queued 1 ignored) including 0 txs in 4.0002ms. #116521 [6d45feba / 6d45feba]

    9836 chain_manager.go:776] Bad block #116522 (05bef30ef572270f654746da22639a7a0c97dd97a7050b9e252391996aaeb689)

    9836 chain_manager.go:777] Found known bad hash in chain 05bef30ef572270f654746da22639a7a0c97dd97a7050b9e252391996aaeb689

    9836 downloader.go:254] Synchronisation failed: hash fetching canceled (requested)

    Do I need to do a >geth upgradedb also?

    etherchain.org does show the updated balance correctly…with the correct balance, so it’s there.
    In the meantime, I can’t SEND ETHER to anyone…until this works.

    Trying to figure out what I did wrong.

    I just downloaded the new geth and overwrote the old geth in the windows folder.
    Did: geth -rpc

    got error: insufficient ETH for gas (b93e0e8c). Req 106673195494980000, has 0

    Synchronisation failed: hash fetching canceled (requested)

    Another window, did:
    geth attach
    ..shows no balance…. I guess because the DB Synchronization failed.

  • Giancarlo Giuffra Moncayo

    Hello everyone, I’m still getting the error bad block #116525, it’s been 2 days, I can’t get geth to synchronize.
