Recently our community members from the CryptoScope team, developers of Solus Explorer [https://rvn.cryptoscope.io], reached the Ravencoin team with the findings that Ravencoin blockchain has a vulnerability which was used by unknowns to mint RVN that goes beyond the coinbase of 5000 RVN per block.
Thanks to the CryptoScope team that brought it to our attention and kudos to them and their technology for detecting the exploit. After identifying the vulnerability, Ravencoin development and CryptoScope team coordinated to avoid the leakage of the possibility to exploit the vulnerability and Ravencoin development team immediately started code review to detect, isolate and fix the issue.
A community code submission caused a bug that has been exploited. Law enforcement has been notified and is working with us.
The vulnerability does not allow the stealing of RVN or assets that you own and control, but the minting did create RVN that should not exist. We’ve discussed the impact of the extra RVN and what can be done. Because those RVN were transferred to an exchange and traded, they are mixed with other RVN and therefore any programmatic attempt at burning them, with miner and community backing, would cause irreparable harm to innocent victims. As it stands, the burden has been shared across all RVN holders in proportion to their RVN holdings in the form of inflation.
The vulnerability does not impact Ravencoin assets, so all asset balances are safe. As we are transitioning from the vulnerable code to fixed code, there may be some chain instability. Please keep transactions to a minimum until the chain is stabilized and miners are using the updated software.
The open-source and decentralized nature of this project prevents a quick and easy fix as we only develop source code, and do not operate the network. We are notifying the exchanges so they can determine whether to pause their deposits, withdrawals or trading. We are requesting that mining pools immediately upgrade to the latest binaries available at: https://github.com/RavenProject/Ravencoin/releases/latest
This should only require updating your ravend.
What about everyone else? It is wise to be on the newest Ravencoin version, but once the miners have updated, then fraudulent transactions…