This replace was written and offered by Litecoin MimbleWimble lead developer David Burkett.
——–
Audit
Quarkslab has completed their audit of the code! 🚀
I’ll be assembly with them Friday to debate their findings. After that, they’ll work on releasing the audit report in a weblog publish, which I sit up for sharing with you all.
Findings
Because you’ll have the ability to learn the complete report as soon as they share their weblog publish, I received’t dive too deeply into the findings right here. However at a fast look:
There was one important situation discovered that resulted from a mistake whereas merging the MWEB code & v0.21.1 code collectively. So when copying the modifications into the most recent launch code, I missed a small, however essential line of validation code that might’ve been exploited by a malicious attacker to trigger severe disruptions to the chain 😳
This tells us…
-
We might actually profit from higher useful check protection round our validation logic to ensure we might catch related points ourselves in future releases.
-
We should always take into consideration including some processes we are able to observe to attenuate the potential for this taking place. That would imply documenting all modifications, or having 2 folks carry out the merge individually then evaluating outcomes, or a change to how we strategy the code opinions.
-
The audit was a very good concept (thanks Quarkslab!)
There have been additionally some smaller findings, and a few nice solutions for a way we might enhance the standard and security of the code. General, they had been impressed with the code high quality, which was thrilling to listen to 🥳
v0.21.1 (Taproot) Launch
The launch course of 5 we inherited from bitcoin may be fairly painful. It makes use of gitian 4 to construct repeatable and deterministic binaries from the supply code. Because of this a number of folks can all construct the code on completely different machines (and even completely different working programs) and nonetheless get the identical actual launch binaries. We will then all evaluate the outcomes after which signal the discharge, certifying that all of us agree that the revealed launch is protected & correct.
There’s a variety of magic concerned to make this work, which results in a time-consuming & typically irritating expertise (particularly for n00bs like me). So I actually dragged my toes on this one 😬
. I lastly compelled myself to push by way of this a couple of days in the past, and after preventing with some outdated scripts, was in a position to construct the entire binaries efficiently. I’ll end signing these tomorrow and hand them off for the opposite builders to repeat the construct & confirm outcomes.
MWEB Testnet
After numerous guarantees after which take-backs, I’ve lastly determined to launch a binary that permits non-technical customers to check out the MWEB testnet. I solely have the home windows launch out there proper now, however I’ll work on getting binaries for Mac OS X on Friday. Linux customers can construct their very own, as a result of I’m drained 😝
Hyperlink: MWEB Testnet Launch 26
Right here’s my gpg key 8 should you’d prefer to confirm the binaries first (you need to). I’ll add directions on how to do this on the discharge web page when I’ve a while.
There’s no installer, as a result of I didn’t need anybody unintentionally changing their precise litecoin pockets, so to make use of it:
- Obtain (and confirm) the zip file
- Extract the
litecoin-63fe928e4e8a
folder - Discover and run
litecoin-qt.exe
from contained in the bin folder
This can default to utilizing the MWEB testnet, which you’ll inform by the off-colored emblem and the [mwebtest]
within the title bar. These use mwebtest cash, not precise litecoin cash. So pleeease don’t attempt to use it with actual cash.
You’ll both must mine a block to get mwebtest cash (you’ll be able to CPU mine a block very quickly), or discover somebody to offer you some. If anybody is keen to setup a faucet, I’ve received a ton of cash you’ll be able to have 🙂
Additionally, if somebody appears like writing a information for find out how to create stealth addresses, ship to and obtain from them, and the entire enjoyable stuff that goes together with it, you’d be my new favourite individual.
Remaining Schedule
You’re just about again to only ready on me once more ⏱
whereas I end making use of audit solutions after which pushing by way of the tedious strategy of merging, coordinating last opinions, writing launch notes, and at last kicking off the beloved gitian builds. I don’t know precisely how lengthy that can take, however rumor has it that it will increase by a full day for each individual that asks me 😜
What a protracted journey this has been 😅
P.S. https://wenmweb.com 132 is updated.