The Bytecoin Devs constantly monitor the behavior of our software and release fixes when necessary. Here is a list of fixes and optimisations in v3.5.1:
- fixed a bug where walletd would not sync after being unable to contact bytecoind for a long time;
- fixed rare bug when exported view wallet contained wrong view secrets signature;
- fixed bug when instead of error message, empty send proof was generated for address not used in particular transaction. Such proofs are invalid, so this did not lead to any security issues;
- fixed bug when walletd sometimes included no block information for unlocked outputs in get_transfers JSON RPC call. This affected only clients who inspected per-block unlocked_transfers, but not unlocked_transfers array returned for the request as a whole;
- fixed problem when during sync_blocks excess block was returned at the start of the response. This could lead to an endless sync loop if this block size was larger than max_size limit set by caller, because only that block would be returned again and again;
- removed addresses from wallet cache for Amethyst wallets;
- walletd can now export a view-only wallet without the ability to view outgoing addresses from a view-wallet with such capability;
- tx_pool_version is no longer reset to 0 on block change, but steadily increases on each pool modification. This prevents some very rare race conditions between API users and daemons.
Since Bytecoin is a kind of software that deals with funds, the Bytecoin devs pay special attention to examining it for errors. Here is a list of all the security related changes and fixes:
- lots of code reorganisation to remove false positives from the Clang Static Analyzer.
The Clang Static Analyzer is a tool that analyzes source code and warns the devs about potential bugs. This change will make the software development process smoother;
- several potential undefined behaviours fixed, related to forgetting to initialise values of primitive types in templates;
- potential floating-point undefined behaviour fixed.
Floating point is a number storage format used by software developers to process numbers over a wide spectrum of magnitudes with the same relative accuracy;
- several additional checks added to P2P commands parsing;
- potential crash in Grøstl hash implementation fixed;
Grøstl is a cryptographic hash function developed by scientists in Denmark and Austria and is part of proof-of-work calculation;
- connections using legacy P2P version (and legacy commands) prohibited, effectively enabling much stricter consensus rules for P2P (such as hard limits on the size of all commands), making potential attacks much harder;
- security options (non-executable stack, position-independent-binary, non-writable relocation table) for binaries enabled by default on Linux.
The Bytecoin devs have taken advantage of a quite specific security feature on the Linux OS. It protects against several attack vectors;
- tiny memory leak fixed.
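To confirm that a Linux binary actually carries the three options named in the list above (non-executable stack, position-independent binary, non-writable relocation table), its ELF program headers can be read directly. The following Python is an added example, not Bytecoin project code: `check_hardening` and `build_sample` are hypothetical names, the sample images are constructed, and only 64-bit little-endian ELF files are handled.

```python
import struct

ET_DYN = 3                   # e_type of a position-independent executable
PT_GNU_STACK = 0x6474E551    # segment whose flags give the stack permissions
PT_GNU_RELRO = 0x6474E552    # region remapped read-only after relocation
PF_X = 0x1                   # "executable" bit in p_flags


def check_hardening(elf: bytes) -> dict:
    """Report the three options for a 64-bit little-endian ELF image."""
    if elf[:4] != b"\x7fELF" or len(elf) < 64:
        raise ValueError("not an ELF file")
    if elf[4] != 2 or elf[5] != 1:
        raise ValueError("only ELF64 little-endian is handled here")
    e_type = struct.unpack_from("<H", elf, 16)[0]
    e_phoff = struct.unpack_from("<Q", elf, 32)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)
    stack_flags, relro = None, False
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 8 > len(elf):
            raise ValueError("truncated program header table")
        p_type, p_flags = struct.unpack_from("<II", elf, off)
        if p_type == PT_GNU_STACK:
            stack_flags = p_flags
        elif p_type == PT_GNU_RELRO:
            relro = True
    return {
        "pie": e_type == ET_DYN,
        # No PT_GNU_STACK header at all is reported as not hardened.
        "nx_stack": stack_flags is not None and not stack_flags & PF_X,
        "relro": relro,
    }


def build_sample(e_type: int, segments: list) -> bytes:
    """Constructed test image: ELF64 header plus bare program headers."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    header = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0,
                                 0, 64, 56, len(segments), 0, 0, 0)
    return header + b"".join(struct.pack("<II6Q", t, f, 0, 0, 0, 0, 0, 0)
                             for t, f in segments)


if __name__ == "__main__":
    hardened = build_sample(ET_DYN, [(PT_GNU_STACK, 6), (PT_GNU_RELRO, 4)])
    legacy = build_sample(2, [(PT_GNU_STACK, 7)])
    print(check_hardening(hardened))
    print(check_hardening(legacy))
```

For a real file, pass `open(path, "rb").read()` to `check_hardening`. Shared libraries are also `ET_DYN`, and the presence of `PT_GNU_RELRO` does not distinguish partial from full RELRO, so treat the result as a first-pass check.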
Sometimes in order to make an advancement, some previously-developed functionality has to be deprecated. Here is a list of incompatible API changes for our integrators:
- get_transfers and get_transaction walletd methods do not return outputs in transfers by default (they are large and very rarely needed). If you need outputs, you should set need_outputs parameter to true;
- outputs field is now optional in transfer in all contexts;
- public_key field is now optional in transaction in all contexts (motivation - Amethyst transactions contain no public key);
- extra field is now optional in transaction in all contexts (motivation - after removing public key from extra, it is empty for most transactions).
You can download the updated software in the Downloads section.