Update Week Recap- Cosmos bug, Tezos Athens, Loom update
We had a very busy end to the week, with a top-secret emergency Cosmos Hub bug patch, a comprehensive Tezos Ledger-support upgrade, and an upgrade to Loom’s Plasmachain.
Cosmos Hub bug patch
Last Thursday, a critical security vulnerability was identified in the Cosmos Hub. The bug made it possible for users to unbond their atoms without waiting for the full unbonding period to pass. The vulnerability could be exploited by redelegating to an unbonded validator (a validator outside of the top 100) and then unbonding the atoms. (See an example transaction from the original report here.)
The Cosmos team quickly implemented and tested a patch. The fix ensured that all unbonding transactions properly obeyed the unbonding period, regardless of the validator’s bonded/unbonded status. The change was enabled in consensus as a straightforward software upgrade by adding a conditional into the code to switch to the new rules once block #482100 was reached. Prior to releasing the patch, the team privately shared a Golang program that displayed all suspicious transactions and public data on the exploit.
The team also formed a secret Telegram group for validators, in order to disclose the situation exclusively to the validator set in order to coordinate a smooth network upgrade. The concern was that if the information leaked publicly, users may exploit the bug, enabling various forms of nefarious activity.
The patch was disclosed to the public around 12pm PST on May 30 and the upgrade occurred at block #482100 about 6 hours later. Most validators were able to upgrade to the patch within this 6 hour window, however inside the private group we had difficulty establishing contact with all hub validators, and thus a small minority did suffer downtime following the upgrade.
All things considered, the upgrade went as smoothly as we could’ve hoped. Jack, Zaki, and the whole Cosmos team did a great job of effectively coordinating and navigating the potentially hazard situation for the network.
Stake Capital had a smooth update 👇
Tezos Athens Amendement
The Tezos Athens protocol upgrade occured on May 30 at block #458753. This upgrade included a number of mandatory changes and upgrades to the protocol. These changes included updates to the Tezos dependencies, Mainnet version, and a change to the storage format.
Additionally, there was a Ledger firmware upgrade required on the baker, which of course required us to travel to our physical infrastructure data centre.
Loom’s Plasmachain Update
The Plasmachain upgrade — release #1085 — included:
- A performance improvement to ready Plasmachain for upcoming dApps that will be sending higher rates of transactions onto the chain.
- Tron gateway release, for completing the integration with Tron.
The release was operationally more complex than typical Loom upgrades, as there were some significant changes to how data is stored by validators. Nonetheless, the upgrade was successfully completed in under 24 hours, readying the network for increased transaction volume.
Follow-us on Twitter | Join our Telegram and Discord|
Please Smash the clap button 🙌
