This replace was written and supplied by Litecoin MimbleWimble lead developer David Burkett.
Quarkslab has completed their audit of the code! 🚀
I’ll be assembly with them Friday to debate their findings. After that, they’ll work on releasing the audit report in a weblog put up, which I look ahead to sharing with you all.
Because you’ll have the ability to learn the total report as soon as they share their weblog put up, I received’t dive too deeply into the findings right here. However at a fast look:
There was one important problem discovered that resulted from a mistake whereas merging the MWEB code & v0.21.1 code collectively. So when copying the adjustments into the newest launch code, I missed a small, however essential line of validation code that might’ve been exploited by a malicious attacker to trigger critical disruptions to the chain 😳
This tells us…
We may actually profit from higher purposeful check protection round our validation logic to verify we’d catch comparable points ourselves in future releases.
We should always take into consideration including some processes we are able to observe to reduce the potential for this taking place. That might imply documenting all adjustments, or having 2 folks carry out the merge individually then evaluating outcomes, or a change to how we method the code evaluations.
The audit was a extremely good concept (thanks Quarkslab!)
There have been additionally some smaller findings, and a few nice strategies for a way we may enhance the standard and security of the code. General, they have been impressed with the code high quality, which was thrilling to listen to 🥳
v0.21.1 (Taproot) Launch
The launch course of 5 we inherited from bitcoin could be fairly painful. It makes use of gitian 4 to construct repeatable and deterministic binaries from the supply code. Which means that a number of folks can all construct the code on totally different machines (and even totally different working methods) and nonetheless get the identical precise launch binaries. We will then all examine the outcomes after which signal the discharge, certifying that all of us agree that the printed launch is secure & correct.
There’s a number of magic concerned to make this work, which results in a time-consuming & typically irritating expertise (particularly for n00bs like me). So I actually dragged my ft on this one 😬
. I lastly pressured myself to push by way of this a couple of days in the past, and after combating with some outdated scripts, was capable of construct all the binaries efficiently. I’ll end signing these tomorrow and hand them off for the opposite builders to repeat the construct & confirm outcomes.
After a lot of guarantees after which take-backs, I’ve lastly determined to launch a binary that enables non-technical customers to check out the MWEB testnet. I solely have the home windows launch obtainable proper now, however I’ll work on getting binaries for Mac OS X on Friday. Linux customers can construct their very own, as a result of I’m drained 😝
Hyperlink: MWEB Testnet Launch 26
Right here’s my gpg key 8 when you’d prefer to confirm the binaries first (it is best to). I’ll add directions on how to try this on the discharge web page when I’ve a while.
There’s no installer, as a result of I didn’t need anybody by accident changing their precise litecoin pockets, so to make use of it:
- Obtain (and confirm) the zip file
- Extract the
- Discover and run
litecoin-qt.exefrom contained in the bin folder
This can default to utilizing the MWEB testnet, which you’ll inform by the off-colored brand and the
[mwebtest] within the title bar. These use mwebtest cash, not precise litecoin cash. So pleeease don’t attempt to use it with actual cash.
You’ll both need to mine a block to get mwebtest cash (you possibly can CPU mine a block very quickly), or discover somebody to offer you some. If anybody is keen to setup a faucet, I’ve received a ton of cash you possibly can have 🙂
Additionally, if somebody looks like writing a information for how one can create stealth addresses, ship to and obtain from them, and all the enjoyable stuff that goes together with it, you’d be my new favourite particular person.
You’re just about again to simply ready on me once more ⏱
whereas I end making use of audit strategies after which pushing by way of the tedious strategy of merging, coordinating remaining evaluations, writing launch notes, and eventually kicking off the beloved gitian builds. I don’t know precisely how lengthy that can take, however rumor has it that it will increase by a full day for each individual that asks me 😜
What a protracted journey this has been 😅
P.S. https://wenmweb.com 132 is updated.