The developers of Handshake, a decentralized Domain Name System (DNS) project, recently fixed a bug that could have led to an increase in the supply of the HNS cryptoasset.
According to an article on the Handshake developer blog, the project team has fixed a bug in the protocol code. The bug was never exploited by hackers, and domain data was not compromised.
“An error was discovered in the Handshake protocol that could lead to an inadvertent increase in the total amount of HNS beyond the established limits,” the article says. “A user applying for a reserved name could accidentally receive a small amount of additional HNS when making changes to their wallet. In the worst case, a malicious miner could generate an almost unlimited number of additional HNS in each block. The bug has never been exploited by hackers and has now been fixed.”
The project team advises miners and node operators to upgrade to the latest version as soon as possible. Handshake is a decentralized domain name service where users can purchase Handshake names, an alternative to the DNS identifiers traditionally used to access websites (Handshake users pay for them in HNS). According to the blog post, the bug could let users who were claiming Handshake names accidentally create additional HNS.
Former BitGo developer Matthew Zipkin alerted the Handshake team to the vulnerability on March 24. Handshake developer and Lightning Network architect Joseph Poon and fellow Handshake developer Christopher Jeffrey wrote the fixes, which were first deployed to HNS mining pools. The project team turned first to the F2Pool and Poolin pools, because the bug required a revision of the Handshake code.
“This problem is not just an implementation bug that can be fixed with a software fix. This is a design issue with the Handshake protocol and affects every user and all full nodes. The only way to solve this problem is to use a soft fork, which adds new rules to the protocol and is applied by miners,” the protocol developers said.
The Handshake team performed an emergency soft fork because “the vulnerability could not be disclosed until new protocol rules were introduced, supported by the maximum hash rate.”
Recall that in February, a Bitcoin Core developer disclosed information about a vulnerability in earlier versions of the software client. The bug was fixed in the release of Bitcoin Core 0.19.