Dash’s InstantSend instant confirmation functionality has been re-enabled following a period of deactivation while an exploit was fixed.
In a post today on Dash’s forum, Dash Core lead developer Udjinm6 announced that DIP0001 has been officially locked in to take effect within the week, enabling the InstantSend spork to be safely turned back on:
It’s alive! ?
(rpc command: spork active)”
A discovered vulnerability had caused deactivation by spork
Earlier this fall, a potential vulnerability with Dash’s InstantSend function was discovered that could in theory allow an attacker to initiate double-spends on the network. Though this exploit had never been successfully tried and would only be possible in a very specific and difficult edge case, the Core team quickly shut off the InstantSend spork until the vulnerability could be fixed in the 12.2 update. The discovered potential exploit was announced on the forum by Dash Core CTO Andy Freer:
“We’d like to inform you that with help from the community, we have discovered a potential exploit in the current InstantSend implementation which provides the chance for an attacker with 6 or more Masternodes to dominate an InstantSend quorum by brute forcing collateral transaction hashes in a certain way as to increase their chance to be selected for an IS quorum, which could provide the possibility to perform a double spend or a potential network fork.
We have not yet seen this attack executed on our network and we believe the risks are low because the exploit requires ownership of at least US$ 2.1 million in Dash. However, for safety we have disabled InstandSend via [“SPORK_2_INSTANTSEND_ENABLED”: false] to ensure this attack cannot be performed until the fix, which is already completed & QA’d, is released to the network.”
While not a major source of controversy within the Dash community, sporks, functionality allowing to turn some components of the network on and off to assist in updates running smoother, have nonetheless caught the attention of those in other communities who their central control as an issue. In a recent interview with crypto YouTube star Boxmining, Dash Core’s CEO explained that any malicious spork deactivation would have minimal effect, and making a small adjustment to the protocol to keep the spork on by default would only require a few quick lines of code, quickly shutting out hypothetical nefarious developers:
“We don’t run the network, and we don’t decide which version the masternodes download. They download our version because we have a lot of credibility, and if we were to take an action like that, that was anti-the network, we would instantly lose our credibility and smart developers would show up to fix the situation very quickly.”
Fee reduction and block size increase locked in, will be active within the week
The re-enabling of InstantSend is one of the key improvements made possible by the 12.2 update. Released earlier this month, the update also includes various fixes and improvements, including streamlining of the PrivateSend mixing process. Most notably, it includes a tenfold fee reduction, as well as a block size doubling to 2mb. Notably, Bitcoin went through a long internal conflict (arguably still ongoing) over disagreements over on-chain scaling, and a recent move to similarly double the block size failed.
As 12.2 is now locked in, its full effects will be activated within a week.