To Counter Bug, Lisk Acutely Goes Down as Devs Release Fix
All funds on the Lisk (LSK) blockchain are safe, yet it wasn’t business as usual this morning for the Lisk team as they had to quickly respond to an “edge-case bug” that allowed for the broadcasting of an invalid transaction on their blockchain. As an “automated security measure,” Lisk’s nodes temporarily went down to prevent propagating the transaction, and the team’s devs have already released a fix for the bug.
UPDATE: A few minutes shy of 1PM EST, the Lisk team is saying the network has begun the process of returning to routine operations.
A Head-On Response
Dramatic technical woes have been cropping up in the Verge (XVG) and EOS (EOS) communities lately, but the team behind the Lisk blockchain have shown this morning they’re determined to tackle any such problems quickly, resolutely, and undramatically.
The community didn’t have to wait long for answers, or for a fix. That’s per the co-founder, president, and CEO of Lisk, Max Kordek, who went on the r/Lisk subreddit a few hours after the edge-case bug was discovered to say the issue had been mitigated and a fix, the Lisk Core v.0.9.15 update, had already been deployed.
‘Automated Security Measure – All Funds Safe’
In Kordek’s explainer post to the community, he noted the Lisk network is designed to prevent “the blockchain from continuing and causing forks,” which allowed the team to have an automated response to the bug:
“During European morning hours, an anonymous individual broadcasted a faulty transaction to the Lisk network. Due to a rare edge-case bug in transaction processing, this transaction was deemed valid and went through the processing steps on each individual node. However, it was an invalid, maliciously customized transaction type that utilised this particular code bug.
For these cases there are security measurements built into Lisk Core in order to prevent the blockchain from continuing and causing forks. For this reason every individual node has temporarily stopped processing new blocks which has resulted in the Lisk network to halt. This is automated and intended behaviour in order to protect our users from any loss of funds.”
That said, the Lisk president and CEO also explained that 150 LSK transactions were sent after Lisk’s nodes responded. These funds are safe, and it is as if they were never sent in the first place during the de facto network blackout.
Kordek also noted that “2 or 3” edge-cases with similar profiles had occurred in the past and that, accordingly, the Lisk team had already prepared a fix at the time of his posting:
“The fix for this matter has already been discovered and implemented. Today, we will release Lisk Core v.0.9.15 which will resolve the issues and allow for the continual and normal operation of the Lisk network. When this fix is deployed we will ask for all delegates to rebuild their nodes by upgrading to the newest version. Further updates to our community will take place as we progress with resolving this issue.”
Inside the Transaction
In the comments below his post, Kordek further detailed that the nodes’ response to the invalid transaction was exactly what developers had intended.
“As described it allowed a faulty transaction to be processed (i.e. letting it through),” he wrote. “Nodes couldn’t cope with it and turned themselves off (instead of forcing themselves to stay online with wrong data, them turning off is intended).”
The project president also went on to say that it wasn’t immediately clear if the episode resulted from “an experiment or an attack.” He added at the time:
“I personally don’t believe the outcome was on purpose, rather an accident due to an individual playing around.”
I reached out to Kordek for comment, and he later clarified, however, that it really was “too early to comment on the definite source of the bug.” He went on to say that “What is important now is that the fix has quickly been discovered and is being implemented as we speak” in the form of the new Lisk Core software update.
By all indications, then, a resolute response that many other smaller projects in the cryptoverse can learn from.