Last week Chia Network released Chia Blockchain 1.2.8 which fixed a number of issues and laid the preparatory work for the DID features coming to the ecosystem. But there was a main reason for the deployment not being talked about much: a transaction bug that could have stopped the network.
In the Chia Testnet they discovered a bug where a malformed transaction could stop the blockchain cold. My understanding of the bug, and to be clear I have not seen PoC code, is that if the malformed transaction made it into the mempool of a full_node it would both stop that node from putting transactions into blocks as well synchronize that transaction to the mempools of other full nodes – stopping them too. XCHPool discovered this, along with a few other pools, when they became unable to send any transactions in the Testnet at all and found that other pools were having the same issue. They brought in the Chia developers who then took over and began work on a fix.
This is a really serious bug, and had it been discovered later on down the line when the blockchain was in full production swing with actual use cases beyond pool rewards it could have caused major services to stop working while they made emergency patches to their custom code. But it was thankfully discovered in testing, and with the help of XCHPool Chia Network was able to create a patch, test it and deploy it before the bug became a network 0 day. I delayed writing this piece until a critical mass of Chia nodes had updated, which should have happened today according to data provided by Chia. If you haven’t yet, stop reading this article and go download right now. The fix will only help patched nodes, unpatched ones are still vulnerable.
The other implication to this bug comes from the Chia Forks. They would have all also been vulnerable to this malformed transaction, and so I disclosed the issue to them early. Most of them started taking a look right away, and HDDCoin even managed to get a full update out in record time, about 12 hours after being informed. That is real hero work and shows the dedication of their developers. Other forks are hard at work on the fix, and one of the reasons I did not seek out additional details for the issue.
These kind of bugs will happen. Its software, and thus destined to be imperfect. Software teams should not be judged by having bugs in their code, they should be judged how they respond. And I think both Chia Network and HDDCoin responded masterfully to this issue, along with XCHPool and the rest of the pool operators who had fixes in place immediately this time.
**Update** A note from Chia Network has informed me that the bug did not risk the blockchain stopping, just transactions from being placed into them. Blocks would be farmed empty. To me that’s a semantic difference as without transactions a blockchain isn’t really worth much, at least to me.