Denial-of-service attack vector, upgrade to 2.05.0.3.0
Researchers from the Immunefi Bug Bounty
program uncovered a denial-of-service vulnerability that was notably concerning because an exploit in the wild could
have led to a chain split. Ultimately, this required that the majority of mining power upgrade before any exploitation took place. After flagging by researchers, this bug was validated by Stacks core developers and addressed through an upgrade. The bounty program ensured that this exploit was disclosed responsibly to the Stacks Foundation. Our team was able to rally contributors to identify a solution, and communicate to miners, exchanges, and others to roll out the upgrade swiftly.
This example affirms the system that we rely on. We’re extremely grateful to the researcher, everyone who contributed to the resolution, and the many integrators that quickly upgraded their software. You can review the complete post-mortem here.BTC/Mempool Congestion
Recently, Stacks users experienced significant congestion on the network, resulting in confusion as to what the core issue was and general fear/uncertainty. Unfortunately, getting this congestion acknowledged and addressed was a slow process, making an already frustrating situation all the more difficult. We believe many of the changes and new resources outlined above will address that going forward and eliminate needless frustration and lack of clarity.
As for the underlying issue of network capacity and speed, Hiro’s Subnets are a solution in the works
. They should help immensely with ‘bursty’ traffic and Core Devs have also discussed other potential ways of speeding up the main chain. We encourage anyone that wants to share needs or be part of solutions to join the open calls