There is a severe security flaw using Berkeley DB and the default settings given in older versions of Bitcoin.
https://en.bitcoin.it/wiki/BIP_0050http://bitcoin.org/may15.htmlThis needs to be addressed within the next quarter for Litecoin.
[00:44] <fuzzy> uh guys
[00:44] <fuzzy> https://en.bitcoin.it/wiki/BIP_0050
[00:44] <fuzzy> is that serious?
[00:44] <fuzzy> that article specifies that the bug persists for all versions of bitcoin prior to 0.8.1 and that implicit forks of the blockchain can be performed at any time
[00:49] <warren> fuzzy: yes, it's possible, just very difficult
[00:49] <warren> fuzzy: easier than 51% difficult
[00:52] <warren> fuzzy: I'm posting on the forum about this now.
[00:53] <fuzzy> Thanks!
[00:55] <warren> coblee: gavin is raising awareness of the self-consistency hard fork risk and users are now beginning to ask about it. https://bitcointalk.org/index.php?topic=159238.0;all
[00:56] <warren> coblee: IMHO, you should issue a patched 0.6.3 with a hard-fork scheduled on a future date so litecoin users don't have to worry about this.
[00:56] <warren> coblee: on second thought, I was not cautious enough in accepting waiting for May/June to decide what to do.
[00:57] <warren> coblee: https://en.bitcoin.it/wiki/BIP_0050
[00:58] <warren> coblee: your 0.6.3 hardfork would be modeled like this: http://bitcoin.org/may15.html
[00:59] <warren> coblee: Please understand that the DB_CONFIG workaround is NOT safe. That *does* the hard fork. Rather than have users do it haphazardly, you should schedule it in the future.
[01:00] <warren> coblee: I have more bad news.
[01:00] <warren> hmm. I'll explain later.
[01:08] <warren> fuzzy: to be clear, it is my personal opinion having studied this issue that the risk is REALLY SMALL. Bitcoin itself is vulnerable to this risk until May 15th and folks aren't worried about it.
[01:08] <warren> fuzzy: the real risk is if Litecoin doesn't hardfork to eliminate the risk in a timely manner.
#litecoin-dev @
http://webchat.freenode.net/Details on how to temporarily fix this for the Litecoin client version 0.6.3 are here:
https://bitcointalk.org/index.php?topic=159238.msg1698182#msg1698182Eventually the client will need to move to 0.8.1+ versions. Coblee has stated he will do this:
Litecoin will be updated to 0.8.1 soon. Like wtogami said, I had originally planned to stay 1 major version behind Bitcoin so that we don't get bit by a bad release. But as it turned out, the 0.8 hard fork just made it clear that there was an issue with old releases that could cause a hard fork even without 0.8. So wtogami and pooler will be helping me with rebasing the Litecoin code to 0.8.1. I do want to wait til May 15 to make sure that Bitcoin is able to handle the potential hard fork. Since the Litecoin community is much smaller, we should have even less of a problem. But it's better to be safe.
https://bitcointalk.org/index.php?topic=159238.msg1699934#msg1699934However, most other major altchains operating on forks of bitcoin versions before 0.8.1 will also need to implement this, so please update your sources accordingly!
