The developers of the decentralized domain name server (DNS) Handshake project recently fixed a bug that could lead to an increase in the supply of the HNS crypto asset.
According to an article on the Handshake developers ‘ blog, the project team has fixed a bug in the protocol code. The error was never exploited by attackers, and the domain data was not compromised.
“An error was discovered in the Handshake protocol that could have inadvertently increased the total number of HNS beyond the established limits,” the article says. “A user with a reserved name request may have accidentally received a small amount of additional HNS when making changes to their wallet. In the worst case scenario, a malicious miner could generate an almost unlimited number of additional HNS in each block. The bug was never used by intruders and has now been fixed.”
The project team advises miners and node operators to upgrade to the latest version as soon as possible. Handshake is a decentralized domain name service where users can purchase Handshake names-an alternative to the DNS identifiers traditionally used to access websites (Handshake users pay for them in HNS). According to the blog article, the bug would have given users who claimed Handshake names the opportunity to accidentally create additional HNS.
Former BitGo developer Matthew Zipkin warned the Handshake team about the vulnerability on March 24. Handshake developer and Lightning Network architect Joseph Poon and his colleague, Handshake developer Christopher Jeffrey, coded the fixes that were first deployed to HNS mining pools. The project team first turned to the F2Pool and Poolin pools, because the error required a revision of the Handshake code.
“This problem is not just an implementation bug that can be fixed with a software fix. This is a problem with the design of the Handshake protocol, and it affects every user and all full nodes. The only way to solve this problem is to use a soft fork that adds new rules to the protocol and is applied by miners, ” the protocol developers said.
The Handshake team performed an emergency soft fork because ” the vulnerability could not be disclosed until the new protocol rules supported by the maximum hashrate were introduced.”Recall that in February, the developer of Bitcoin Core disclosed information about a vulnerability in earlier versions of the software client. The bug was fixed in the Bitcoin Core 0.19 release.