![Security alert [Implementation of BLOCKHASH instruction in C++ and Go clients can potentially cause consensus issue – Fixed. Please update.]](https://i0.wp.com/blog.ethereum.org/images/eth-org.jpeg?w=1068&resize=1068,0&ssl=1 "Security alert [Implementation of BLOCKHASH instruction in C++ and Go clients can potentially cause consensus issue – Fixed. Please update.]")
Summary: Erroneous implementation of BLOCKHASH can trigger a chain reorganisation leading to consensus problems
Affected configurations: All geth versions up to 1.1.3 and 1.2.2. All eth versions prior to 1.0.0.
Likelihood: Low
Severity: Medium
Impact: Medium
Details: Both C++ (eth) and Go (geth) clients have an erroneous implementation of an edge case in the Ethereum virtual machine, specifically which chain the BLOCKHASH instruction uses for retrieving a block hash. This edge case is very unlikely to happen on a live network as it would only be triggered in certain types of chain reorganisations (a contract executing BLOCKHASH(N – 1) where N is the head of a non-canonical subchain that is not-yet reorganised to become the canonical (best/longest) chain but will be after the block is processed).
pyethereum is unaffected.
Effects on expected chain reorganisation depth: none
Remedial action taken by Ethereum: Provision of hotfixes as below.
Geth:
PPA: sudo apt-get update then sudo apt-get upgrade
Brew: brew update then brew reinstall ethereum
Windows: download the updated binary from https://github.com/ethereum/go-ethereum/releases/tag/v1.2.3
Building from source:
git fetch origin && git checkout origin/master
Eth:
PPA: https://gavofyork.gitbooks.io/turboethereum/content/chapter1.html
