See our previous digest here.
Hey everyone! This was a busy June indeed! First of all, we want to thank the art_of_bug team for discovering two significant vulnerabilities in the wallet code. The first one drained a victim’s RAM, while the second one allowed an attacker to reorganize blocks until the last soft checkpoint with relatively little resources. We have promptly warned all exchanges about possible issues, and you may have noticed that they required more confirmations than the standard six in the first half of June.
While troubleshooting, we have released several consecutive patches and advised everyone to upgrade. The latest version 0.7.9 is not affected by these vulnerabilities.
I hope that the exchanges complete their upgrades and remove all restrictions during this week.
Let’s consider this a blessing in disguise, as such challenges inspire us to develop safer code in future.