News InstantSend Back Online on the Dash Network After Edge-Case...

InstantSend Back Online on the Dash Network After Edge-Case Exploit Fix

-

- Advertisment -

Dash’s InstantSend instant confirmation functionality has been re-enabled following a period of deactivation while an exploit was fixed.

In a post today on Dash’s forum, Dash Core lead developer Udjinm6 announced that DIP0001 has been officially locked in to take effect within the week, enabling the InstantSend spork to be safely turned back on:


“SPORK_2_INSTANTSEND_ENABLED”: true
It’s alive! ?

(rpc command: spork active)”

A discovered vulnerability had caused deactivation by spork

Earlier this fall, a potential vulnerability with Dash’s InstantSend function was discovered that could in theory allow an attacker to initiate double-spends on the network. Though this exploit had never been successfully tried and would only be possible in a very specific and difficult edge case, the Core team quickly shut off the InstantSend spork until the vulnerability could be fixed in the 12.2 update. The discovered potential exploit was announced on the forum by Dash Core CTO Andy Freer:

“We’d like to inform you that with help from the community, we have discovered a potential exploit in the current InstantSend implementation which provides the chance for an attacker with 6 or more Masternodes to dominate an InstantSend quorum by brute forcing collateral transaction hashes in a certain way as to increase their chance to be selected for an IS quorum, which could provide the possibility to perform a double spend or a potential network fork.

We have not yet seen this attack executed on our network and we believe the risks are low because the exploit requires ownership of at least US$ 2.1 million in Dash. However, for safety we have disabled InstandSend via [“SPORK_2_INSTANTSEND_ENABLED”: false] to ensure this attack cannot be performed until the fix, which is already completed & QA’d, is released to the network.”

While not a major source of controversy within the Dash community, sporks, functionality allowing to turn some components of the network on and off to assist in updates running smoother, have nonetheless caught the attention of those in other communities who their central control as an issue. In a recent interview with crypto YouTube star Boxmining, Dash Core’s CEO explained that any malicious spork deactivation would have minimal effect, and making a small adjustment to the protocol to keep the spork on by default would only require a few quick lines of code, quickly shutting out hypothetical nefarious developers:

“We don’t run the network, and we don’t decide which version the masternodes download. They download our version because we have a lot of credibility, and if we were to take an action like that, that was anti-the network, we would instantly lose our credibility and smart developers would show up to fix the situation very quickly.”

Fee reduction and block size increase locked in, will be active within the week

The re-enabling of InstantSend is one of the key improvements made possible by the 12.2 update. Released earlier this month, the update also includes various fixes and improvements, including streamlining of the PrivateSend mixing process. Most notably, it includes a tenfold fee reduction, as well as a block size doubling to 2mb. Notably, Bitcoin went through a long internal conflict (arguably still ongoing) over disagreements over on-chain scaling, and a recent move to similarly double the block size failed.

As 12.2 is now locked in, its full effects will be activated within a week.

Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest news

GoCrypto presents truly contactless payments with a simple solution for merchants and buyers

7 April 2020 — The recent events have rapidly changed the way we live, including our shopping...

Bitcoin SV has found a new niche in the gaming industry

Gaming companies and online casinos are increasingly paying attention to cryptocurrencies as a possible payment tool. Several...

Why could GLBrain become a great solution to receive support during the crisis?

To support smaller and medium-sized businesses during the ongoing crisis, GLBrain offers services cost-free for all Austrians....

Make Fast and Secure Trades Using Bitengo.io

Bitengo.io is a Cryptocurrency trading platform that allows users to buy and sell their Cryptocurrency in a...
- Advertisement -InstantSend Back Online on the Dash Network After Edge-Case Exploit Fix

Network Security Using Cryptography: Everything you need to know

This article will describe what is Network Security Using Cryptography and everything you need to know before...

Mercuriex Cryptocurrency Exchange Launches New Utility Token, SURF

MercuriEx Cryptocurrency Exchange, originally developed in 2017, came under new ownership in December 2019. Since taking over the exchange,...

Must read

- Advertisement -

You might also likeRELATED
Recommended to you