How to update

The latest version of the node is 0.9.17. The latest version of the graphical client is 0.9.71.

The graphical client will notify you automatically that an update is available. Click the ‘Update’ button to get it.

If the download doesn’t start automatically, you can get the latest client here. For Windows, use the file with the .exe extension. For macOS, use the file with the .dmg extension, and for Linux, use the .tar.gz file.

You may also download directly from these links:

Issues patched in the latest update

Contract-created crashes

A contract that raised an exception at run-time could have caused the node to crash. There are several cases in which it is normal for a contract to raise an exception, so there was a real possibility that this bug could have been triggered.

Invalid proof of cost

It was possible to create a contract while giving it a misleadingly small cost of execution. While very unlikely to have occurred in normal use, a malicious contract could have consumed all the resources of nodes, which would have caused either a crash or a very long transaction validation time.

Do you need to update?

Your assets are secure without updating. However, unless you update:

Your client may crash.

You won’t be able to create new contracts.

At some point, your client will get stuck, and will no longer be able to sync with the blockchain.

We strongly encourage you to get the latest release of the client.

Actions we took

Detection and development

In late August, we noticed that some contracts we were developing were raising uncaught exceptions. On investigation, we found that a guard for these exceptions had been removed in February. Further intensive analysis of all contract-related logic showed that in addition to uncaught exceptions, an incorrect proof of cost was possible.

We updated ZF*, our version of the F* language, to get the fix for incorrect proofs from upstream, and we replaced the exception guard on contract execution. We also took the opportunity to fix some small errors in our contract library, making it easier for contracts to use certain functions.

As a result, existing contracts required new “hints” files, which we also bundled in the new release.
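The two failure modes described under "Issues patched", shown at a node's contract-execution boundary as an added illustration; this is not code from the node or from ZF*. All names are hypothetical, and the runtime step budget is an assumption used here for defense in depth, whereas the fix described above corrected the cost proofs in ZF* itself.

```python
# Added illustration. Every name here is hypothetical, not the node's API.
class CostExceeded(Exception):
    """Execution ran past the cost the contract declared."""

class Meter:
    """Counts work done; a real host's interpreter would charge each step."""
    def __init__(self, declared_cost):
        self.remaining = declared_cost

    def tick(self, steps=1):
        self.remaining -= steps
        if self.remaining < 0:
            raise CostExceeded("execution exceeded declared cost")

def run_guarded(contract, declared_cost, tx):
    """Run one contract so that no failure escapes into the node."""
    meter = Meter(declared_cost)
    try:
        return ("accepted", contract(tx, meter))
    except CostExceeded as exc:
        return ("rejected", str(exc))
    except Exception as exc:  # a contract raising is a normal outcome
        return ("rejected", "contract error: " + type(exc).__name__)

def validate(txs, contracts):
    """A failing contract rejects only its own transaction."""
    return [run_guarded(*contracts[tx["contract"]], tx) for tx in txs]

# Constructed sample contracts; they call tick() to stand in for metering.
def transfer(tx, meter):
    meter.tick(3)
    return tx["amount"]

def checked(tx, meter):
    meter.tick(1)
    if tx["amount"] <= 0:
        raise ValueError("amount must be positive")
    return tx["amount"]

def underpriced(tx, meter):  # declares cost 5, then loops far longer
    total = 0
    for i in range(10_000):
        meter.tick()
        total += i
    return total

CONTRACTS = {"transfer": (transfer, 10), "checked": (checked, 10),
             "underpriced": (underpriced, 5)}
SAMPLE_TXS = [{"contract": "transfer", "amount": 7},
              {"contract": "checked", "amount": 0},
              {"contract": "underpriced", "amount": 1},
              {"contract": "transfer", "amount": 2}]
```

Calling `validate(SAMPLE_TXS, CONTRACTS)` rejects the second and third transactions and still accepts the fourth, which is the behaviour the restored guard is meant to give: validation continues after a contract fails.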

Deployment

We were able to roll out the updated node to mining pools and exchanges at the end of last week. We also installed the new node on our own seeds and services, ensuring network stability. An updated node version was made available shortly after, and we are now disclosing the bugs publicly and releasing a graphical client.