Overview: Flawed execution of BLOCKHASH may instigate a chain reorganization resulting in consensus complications
Implicated configurations: All geth editions up to 1.1.3 and 1.2.2. All eth editions preceding 1.0.0.
Probability: Low
Impact Level: Medium
Consequence: Medium
Insights: Both C++ (eth) and Go (geth) clients feature a flawed execution of a rare scenario in the Ethereum virtual machine, namely determining which chain the BLOCKHASH command employs to fetch a block hash. This scenario is extremely rare to occur on an active network as it would only activate in specific forms of chain reorganizations (a contract performing BLOCKHASH(N – 1) where N represents the top of a non-canonical subchain that is not yet restructured to become the canonical (best/longest) chain but will be post block processing).
pyethereum remains unaffected.
Influence on anticipated chain reorganization depth: none
Corrective measures undertaken by Ethereum: Issuance of hotfixes as specified below.
Geth:
PPA: sudo apt-get update then sudo apt-get upgrade
Brew: brew update then brew reinstall ethereum
Windows: acquire the updated binary from https://github.com/ethereum/go-ethereum/releases/tag/v1.2.3
Compiling from source:
git fetch origin && git checkout origin/master
Eth:
PPA: https://gavofyork.gitbooks.io/turboethereum/content/chapter1.html