Last week, we failed to deliver the usual Tuesday update due to some unexpected issues. However, the SuperNet Tuesday Update is back in force and, as usual, it brings good news!
Last week, we failed to deliver the usual Tuesday update due to some unexpected issues. However, the SuperNet Tuesday Update is back in force and, as usual, it brings good news! This week, we are going to talk about an attack mounted on the Komodo blockchain, and how it was found and corrected. We are also going to talk about Iguana and its development.
Attack on Komodo detected and fixed
For those that are not actively keeping up with Komodo, this may have flown under your radar. However, Komodo has recently overcome a small emergency caused by an attacker trying to exploit a bug found on the Komodo code. Thanks to the Komodo team, the attacker didn’t actually cause any damage as the situation was promptly fixed.
During the weekend, one of our notary nodes detected an attack that had been going on for 30 hours. At the time, the attacker was acting discretely by generating small amounts of KMD. However, after he understood he was detected, the attacker tried to get as many coins as he could in order to sell them, which led the team to take further action. Following the announcement and the warning issued by the team, the Komodo blockchain was rolled back (restoring the blockchain to a previous point in time).
Our fork did not invalidate the first illicit block (30.000 KMD). Those coins were left to the attacker (bug bounty). Major exchanges disabled their KMD wallet before the attacker moved any coins.
Without the rollback, KMD coin supply would have expanded about 10 % as the attacker would have been able to create over 10 million KMD. We managed to avoid all this by just rolling back a few hours.
We have also fixed the bug that caused this vulnerability. The reason for it was a missing condition in our code which did not check the value of the second output. Basically, any amount would have been accepted.
We firmly believe that no more similar issues will arise. However, we are prepared to deal with them if they do come along and with the help of our faithful community and notary nodes, we are positive that we can fix these issues easily.
Development on the Iguana side continues steadily as the team continues to make regular releases to our Github. These releases are routinely checked and tested by our group of bug hunters after each release.
We have also hired a new developer whose sole function is to create the installers’ build. This will ensure that the wallet can be downloaded and installed with no problems through any O.S.
Our most recent release is currently being tested. If no major bugs are found we will push the installers as the next official release.
So, where do we currently stand? New Iguana versions have been released and multiple bugs have been found and fixed on each of these releases. We have also added multiple features. These releases, however, are not publicly available on our website, since they are not considered official releases and rather tests. These can still be downloaded by anyone from our github but installers always come with a delay. Once we have installers ready without major bugs we will start our marketing efforts but for now, we’re keeping the new releases within the community so that we can silently push Iguana towards perfection!
Overall, we are rather pleased with the way things are evolving. Everything is quickly falling into place behind the scenes and all bugs found are being exterminated with ease. No major development roadblocks have come along and even the aforementioned attack on our blockchain has come as a blessing in disguise (rather now than later)!
We are doing a lot and sometimes it may be hard to keep up with what SuperNet has in store for the community. A recent blog post by Polycryptoblog details the upcoming features and tools that are coming in 2017. Have a look: https://supernet.org/en/resources/articles/10-things-that-are-coming-to-supernet-in-2017