In preparation for the new Core V2 deployment on MainNet, we are releasing an update to the current (soon to be deprecated) ARK Node V1. This update will apply to the ARK MainNet and will take care of some of the bugs and potential security vulnerabilities that we have identified in testing.

Note: this update is only relevant to those running relay and delegate nodes (regular users DO NOT have to do anything).

THIS IS NOT A V2 UPDATE.

This will bring the V1 codebase from 1.0.3 to 1.1.0.

This should be the last version we will be releasing for our legacy ARK Node codebase for V1 on MainNet. Of course, if we find any new security threats we will request another update from all of the delegates/relays.

How to Update?

Again, this update is ONLY relevant for anyone running an active or relay node (delegates or those running relay nodes to support the network/running for their own solutions).

To update simply follow the below instructions:

Login to your server with you credentials Start ARKcommander.sh script by running:

bash ARKcommander.sh

Once asked, input your sudo password for the user you have logged in with.

In case you are not sure if you have the latest version you can remove the previous one and download the latest one by following these commands:



wget

bash ARKcommander.sh rm ARKcommander.shwget https://raw.githubusercontent.com/ArkEcosystem/ARKcommander/master/ARKcommander.sh bash ARKcommander.sh

3. In the upper section you’ll see a nice message - “New update available press ‘3’ to update”. Press number ‘3’ and ‘enter’ to start the update process. The node will be updated with the latest release from GitHub. After the update has been completed, press ‘enter’ to restart your node.

4. If you are running a delegate on mainnet you will need to set the passphrase for your node as the config will be rewritten with the empty one due to the bump version from 1.0.3 to 1.1.0. To do that in the ARKCommander simply press ‘5’ and ‘enter’ (Set/Reset Secret) and paste in your delegate passphrase.

5. Once updated (and passphrase set for active delegates) and back in the menu simply press ‘L’ and ‘enter’ to open real-time logs.

What does this update bring?

This update has taken care of several security vulnerabilities in the current codebase and implemented improved checks for added security:

Disabled some of the endpoints that could be used to crash nodes and get them to miss blocks (active delegates)

Fixed an issue that could cause votes & delegates to be duplicated (adding unique constraints in the DB)

Fixed an issue where blocks were processed before they were verified

Fixed a timestamp (time-travel) overflow issue

Fixed some logging issues where data was missing

Implemented stricter validation of vote data

Fixed an issue that could result in transaction pool spam

Fixed an issue that could result in duplicated transactions in the pool

This update should mitigate the remaining known security vulnerabilities in ARK Core v1 and leave a better, more secure legacy codebase for those who choose to use it. All updates relevant to this Core v1 patch are non-issues in the new ARK Core v2 codebase and do not require an update of devnet.