Denial of Service Vulnerability Fix
Hello Steemians, for the last couple of weeks we have been working on a fix to a Denial of Service vulnerability at the same time we are wrapping up our work on MIRA.
The vulnerability involved the pending transaction queue. We've been working on, and testing, various solutions since we were informed of the vulnerability by @netuoso about 2 weeks ago. Due to the nature of the attack, we could not publicly disclose our work on this issue and we even limited knowledge of the vulnerability within the organization to minimize risk.
Witnesses & Exchanges
Earlier today we upgraded our nodes and proposed our fix to the Witnesses all of whom have since upgraded. This fix has been tested on a private testnet on which we were able to demonstrate that it successfully mitigates the underlying issue. All nodes including exchanges should be upgraded as soon as possible with this patch. We will be available for technical support for those exchanges that require it.
This vulnerability was brought to our attention by the Steem community developer, @netuoso. This highlights how important Steem’s amazing developer community is to the protocol. Their continued inspection of the chain, and effective communication of their findings, is a critical component of maintaining a safe and secure network. Thanks again to @netuoso for discovering this vulnerability and helping us develop a patch that resolves the vulnerability.
The Steemit Team