A state transition and consensus issue in the Geth client causes a panic (crash) when it processes a valid block containing a particular arrangement of transactions. If such a block is accepted and propagated by unaffected clients, this could lead to overall network instability and thus a DoS. The scenario may occur in a block that includes transactions that self-terminate (SUICIDE) to the block reward address.
Affected configurations: This issue has been noted for Geth. During the examination of this problem, related issues were identified and rectified in pyethereum, meaning pyethapp is also affected. C++ clients remain unaffected.
Probability: Low
Severity: High
Complexity: High
Consequences: Network Instability and DoS
Information: A block with a certain arrangement of transactions that incorporate one or more SUICIDE calls, although valid, results in a panic crash in the go-ethereum client and failure in pyethereum. Additional information may be provided as it becomes available.
Impact on anticipated chain reorganisation depth: None.
Actions taken by Ethereum: Provision of corrections as outlined below.
Suggested temporary solution: Transition to an unaffected client such as eth (C++).
Resolution: Update the geth and pyethereum client software.
go-ethereum (geth):
Please be aware that the current stable version of geth is now 1.1.1; if you are operating version 1.0 and utilizing a package manager such as apt-get or homebrew, the client will be updated.
If using the PPA: sudo apt-get update then sudo apt-get upgrade
If employing brew: brew update then brew reinstall ethereum
If utilizing a Windows binary: download the updated binary.
If building from source: git pull followed by make geth (please use the Master branch commit 8f09242d7f527972acb1a8b2a61c9f55000e955d)
The precise version for this update on Ubuntu AND OSX is Geth/v1.1.1-8f09242d
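To confirm that a node runs the fixed build after updating, the sketch below classifies a client identifier string against the version given above. It is an added example, not part of the original advisory or of geth; the function name, the result labels, the sample identifiers and the assumption that releases below 1.1.1 need the update while later ones carry the fix are all assumptions.

```shell
#!/bin/sh
# Added example: classify a client identifier against the fixed build named in
# the advisory (Geth/v1.1.1-8f09242d).
# Assumptions: geth releases below 1.1.1 need the update, and releases above
# 1.1.1 carry the fix.
FIXED_NUM=1001001          # 1.1.1 encoded as major*1000000 + minor*1000 + patch
FIXED_COMMIT="8f09242d"    # short commit from the advisory

# check_geth_id ID -> prints fixed | verify-commit | update | not-geth | unparsed
check_geth_id() {
    id=$1
    case $id in
        Geth/v*) ;;
        *) echo "not-geth"; return 0 ;;
    esac
    rest=${id#Geth/v}      # drop the "Geth/v" prefix
    rest=${rest%%/*}       # drop any trailing "/os/go-version" fields
    version=${rest%%-*}    # numeric part, e.g. 1.1.1
    commit=""
    case $rest in *-*) commit=${rest#*-} ;; esac
    # Reject anything that is not three dot-separated numbers.
    case $version in
        ""|*[!0-9.]*|.*|*.|*..*) echo "unparsed"; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $version
    IFS=$old_ifs
    [ $# -eq 3 ] || { echo "unparsed"; return 0; }
    have=$(( $1 * 1000000 + $2 * 1000 + $3 ))
    if [ "$have" -lt "$FIXED_NUM" ]; then
        echo "update"
    elif [ "$have" -gt "$FIXED_NUM" ]; then
        echo "fixed"
    else
        # Same release number: a source build may sit on a different commit.
        case $commit in
            "$FIXED_COMMIT"*) echo "fixed" ;;
            *) echo "verify-commit" ;;
        esac
    fi
}

# Constructed sample identifiers (only the first appears in the advisory).
for sample in "Geth/v1.1.1-8f09242d" "Geth/v1.0.1-abcdef12/linux/go1.4.2" \
              "Geth/v1.1.1-0123abcd" "otherclient/v0.9.0"; do
    printf '%s -> %s\n' "$sample" "$(check_geth_id "$sample")"
done
```

A result of verify-commit means the release number matches but the commit does not, which is the case to look at for source builds.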
pyethereum:
Users of pyethapp should reinstall:
> pip install pyethapp --force-reinstall