



Welcome to the chaos that is security = ). Let's get this first part over with quickly:

Your GRC is safe. The exploit used to stake all those blocks in a row does not endanger your GRC or information in any way.

As has been noted, the 1 millionth block was mined by developer Tomáš Brod (tomasbrod on GitHub and Brod on Slack).

As has also been noted, he did this by utilizing a known exploit.

After an in-depth conversation with Brod, it is clear that this was not a malicious attack. He will not be accepting the 1 Millionth Commemorative Coin. He has surrendered that honor to the staker of block 999998, pomegranate-.

So, why did Brod do this?

Weeks ago, Brod tested and submitted a fix to this exploit in the form of a protocol tweak. The update is sitting on the development branch on GitHub. You can find his tests on GRCstats around June 3rd. He was unable to test the exploit on testnet as he claims that it is too easy to stake on the testnet even without the exploit. Having lurked around many conversations regarding testnet staking, I do not find this difficult to believe.

Brod's fix is a new stake kernel called StakeV8. You can find documentation on this fix here. Keep in mind that the wiki is a work in progress.

While analyzing all of this information for yourself, keep in mind that the reasons for delaying the roll-out of StakeV8 include holding off until the mandatory update currently under production is completed. This way we would only need to contact exchanges once.

What is the exploit?

In short, the attack takes advantage of how the current PoS protocol helps a new user increase their probability of staking. For those seeking more information, we recommend you look at the Wiki for StakeV8. The exploit involves the variable RSAWeight along with a second PoW exploit meant to ensure a block is staked. Both of these exploits are fixed with StakeV8.

Brod exploited these flaws at a high-profile event that he knew would get a response. How we respond is up to us.

These exploits need attention. Much of Gridcoin needs attention, attention that it has only just begun to receive, so do not be dismayed! Security and communication are particularly crucial issues that need rapid corrections, and these appear to be happening with the GitHub Community and the new method of contacting devs. If you don't know what I'm talking about here, either stay tuned or give a listen to the most recent Beyond Bitcoin or GRC Hangout talks given by @cm-steem.

Regarding the Comm Coin:

We must find pomegranate- and see what he wants us to do with the coin!

If anyone finds him, let him know he has 14 days to claim the coin before it goes to the foundation.

Otherwise, keep an eye out for some updates coming from @dutch regarding the milling of the coin!

Signed by:

@jringo

@brod

@m3rcos1ty