Given the gravity, the team had to coordinate with the miners to fix the fault with a soft emergency fork.
The team behind the decentralized Domain Name Server (DNS) project, Handshake, recently fixed a bug that could have inflated the HNS coin stock.
When it existed in the Handshake code, the bug was never exploited and no user funds or domain data were compromised, write the handshake developers in a post.
“A flaw in the handshake protocol was discovered that could accidentally increase the total supply of HNS coins beyond its projected limits,” says the post. “A user with a reserved name claim may have accidentally generated small amounts of extra HNS when modifying his wallet. At worst, a malicious miner could generate almost unlimited extra HNS in each block. The bug was never exploited and has now been fixed. “
The team advises miners and node operators to update to the latest version as soon as possible.
Handshake is a decentralized domain name service, in which users can purchase handshake names, an alternative to the DNS identifiers traditionally used to access websites (handshake users pay for them in an HNS token). According to the blog post, the bug would have given users who claimed handshake names the ability to accidentally print extra HNS tokens.
Handshake inflation bug
Matthew Zipkin, a former BitGo developer and Bcoin contributor, alerted the team to the vulnerability on March 24. From here, handshake developer (and Lightning Network architect) Joseph Poon and his fellow handshake developer, Christopher Jeffrey, coded patches that were released at HNS mining pools first.
The team approached miners like F2Pool and Poolin first because the bug required a review of the Handshake code, says the post.
“This flaw is not just an implementation bug that could be fixed with a software patch. It is a problem with the design of the handshake protocol and therefore affects all users and all complete nodes. The only way to correct this type of problem is with a soft fork, which adds new rules to the protocol and is applied by the miners ”, they state.
“Soft forks” are blockchain updates in which new versions of software are compatible with older versions and, as the post admits, usually occur with full community involvement. The handshake team performed this emergency soft fork because “the failure could not be disclosed until the new protocol rules were in place and applied for as long as possible,” the team said in the post.