EOSIO 1.1.1 Release Notes
The release of v1.1.1 provides critical security updates previously disclosed to existing EOSIO-based blockchain custodians as well as non-critical security updates.
Description of the Critical Issues
Self-Cancelling Deferred Transactions
Calling cancel_deferred(sender_id) using the sender_id of the currently executing deferred transaction was not properly handled. This has been resolved so that the cancel_deferred call semantics match the expectation that passing invalid or already-retired sender_id is a no-op. The currently executing transaction is considered "retired" WRT these semantics.
Description of the Non-Critical Issues
Stalled Producer Plugin
Promoting producer schedule changes from pending to active requires 2/3+1 confirmations from the currently active producers. There was an edge case when:
- 2/3 confirmations were present (only 1 more needed) AND
- The FIRST producer who had the option to provide the last confirmation each round was DOWN or otherwise not producing AND
- ALL other producers who had the option were either
- not present in the pending schedule OR
- had moved to a different position in the list
In this case, the remaining producer nodes who could provide the needed confirmation would calculate the wrong time to wake-up and produce a confirmation.
In extreme cases, this would lead to enough producers abstaining from production, despite being live and ready, to stall the promotion. This issue has been resolved.
BNet Plugin Safety
The BNet plugin exchanges messages with peers to optimize out multiple delivery of a single block. There is now a limited window of retained block IDs for this purpose.
Net Plugin Sanity Checks
The Net plugin has improved sanity checks on incoming block requests.
extended_symbol::operator <
Contracts which compared extended_symbols using the < operator would not take the extended information about hosting contract into account. This change will be reflected in the next release of the WASM SDK.
Mitigations
- None