Safety vulnerability ID: 52641
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Chinilla-blockchain 1.2.0 includes a fix for CVE-2022-36447, where in tokens previously minted on the Chinilla blockchain using the CAT1 standard can be inflated in arbitrary amounts by any holder of the token. Total amount of the token can be increased as high as the malicious actor pleases. This is true for every CAT1 on the Chinilla blockchain, regardless of issuance rules. This attack is auditable on-chain, so maliciously altered coins can potentially be "marked" by off-chain observers as malicious.
Latest version: 1.4.0
Chinilla blockchain full node, farmer, timelord, and wallet.
Added
- Significant speed improvements have been added to the Node during P2P operations. This is mostly a performance improvement to make sure there is plenty of overhead in Node for transaction processing. Smaller machines like the Pi 4 are strongly advised to update to this release before Monday 5/3/21 at 10AM PDT when transactions start.
- Significant syncing speed improvements have been added. However, there is a lot of low hanging fruit to continue to increase overall chain sync speed in subsequent releases.
Changed
- We now require node 12.x to build the GUI. Installers have been building using node 12.x for quite some time.
- Node will now farm while syncing.
- We changed chinillalisp singletons to take a puzzlehash as its origin. We also updated the DID wallet to use this.
- Transactions are now cached for 10 minutes in mempool to retry if there is a failure of a spending attempt.
- Thank you to Chida82 who made the log rotation count fully configurable. Apologies to him for not initially being included here.
- Thank you to fiveangle for making install.sh more resilient across python installations.
- Standard transactions now all have announcements.
- VDF verification during sync and normal operations are now cached to enhance node performance.
- Target peer count has been increased from 60 to 80 to increase the number of peer Nodes available to connect to. Outbound connections were lowered from 10 to 8.
- The streamables class has had significant performance improvements.
- If a proof of space lookup takes longer than 5 seconds we will now log an error at WARNING level.
- Allow configuration of the plot loading interval (default is 2 minutes) in config.yaml.
- CLI wallet UI was improved and shows syncing status of wallet.
- martomi added logging of added coins back.
- Thank you to aisk for additional type checking.
- aisk added error checking in bech32m
- Chinillalisp programs now remained serialized in Node for better performance.
- Mempool is now set to be 50 times the single block size.
- Mitigate 1-3 vojo dust attacks.
- CLI now switches to EiB for netspace display as appropriate.
Fixed
- We fixed excess memory use when displaying plot logs in GUI. This was causing the GUI application to fail in many "fun" ways after plotting a lot of plots in parallel.
- Fixed plot update issues in the GUI.
- Long syncing will now correctly show "Syncing" around the application.
- Nonce collisions in request IDs is fixed.
- Some duplicate plots were not being caught and logged by harvester on loading.
- We have removed many places where Node was making duplicate requests of other nodes.
- Daemon now waits for services to end to attempt to avoid zombie processes.
- Node is less likely to lose sync due to state inconsistency.
- A large thank you to sargonas for diagnosing why so many technical support questions were flooding GitHub issues, PRing a fix, and mass migrating issues to Discussions.
- Thanks to jeolcho for fixing a bug in full_node_rpc_api.py.
- Thanks antoniobg for a typo fix in keychain.py.
- Thanks to altendky for catching a Copyright date error.
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application