Ravencoin — Emergency Ended
This is to let everyone know that the Ravencoin network is stable even if I’m still a little shaky and bleary-eyed. There was a serious vulnerability of the inflation type. The miners and mining pools are now mining a solid majority of the blocks with the new code that rejects the bad transactions. The fix went active at block 1304352 at Jul 4, 2020 7:26:27 AM (MDT).
Thanks to all the mining pools that updated quickly, reducing the time the network remained vulnerable. If you’re one of the very few pools, or solo miners, that hasn’t updated, your blocks will be orphaned if you include a bad transaction.
There were additional transactions that occurred after the vulnerability was found. The fully automated transactions stopped at 2020–07–03 05:23:01 UTC, and thankfully the first perpetrator did not nuke the project with a massive issuance.
Then, three other transactions exploited the vulnerability and it appears to be from two different actors neither of which nuked the project but did add another 4.8 million RVN.
One of the perpetrators left a trail so we have a name. I’ll ask all of you to send your ill-gotten RVN to RXBurnXXXXXXXXXXXXXXXXXXXXXXWUo9FV. This would be a wonderful gesture and you can more fully enjoy your time on earth without the nagging regret that will shave years off your guilt-ridden life.
Exchanges with RVN pairs can turn on deposits now and resume active trading if it was paused. The greatest danger, which was a massive inflation event, has passed. The network is running smoothly with the vast majority of the hash power mining blocks and validating with the updated consensus code.
The total excess issuance is 301,804,400.51605642 RVN. There is an economic impact that has been largely absorbed over the same time frame as the excess issuance and explains the lackluster RVN price. There’s a trust that needs to be rebuilt, but the technical aspects of the Ravencoin platform are stable.
View the transactions: https://rvn.cryptoscope.io/address/?address=Illegal%20Supply Thanks to CryptoScope team for identifying the excess RVN and bringing it to our attention.
There will be a full write-up of how this happened, what has been learned, and how we intend to protect against similar attacks in the future. Until then, if you’re American, enjoy Independence Day, and if you’re British, enjoy Treason Day. For everyone else, enjoy your weekend and I look forward to a discussion of what was done and how it might’ve been handled differently.