Coindesk Logo

Decentralized DNS Project Handshake Patches Inflation Bug

Decentralized DNS Project Handshake Patches Inflation Bug

Decentralized DNS Project Handshake Patches Inflation Bug

Given its severity, the team had to coordinate with miners to fix the flaw with an emergency soft fork.

Given its severity, the team had to coordinate with miners to fix the flaw with an emergency soft fork.

Given its severity, the team had to coordinate with miners to fix the flaw with an emergency soft fork.

AccessTimeIconApr 2, 2021, 9:02 PM
Updated Aug 19, 2021, 8:33 AM

Presented By Icon

Election 2024 coverage presented by

Stand with crypto

The team behind the decentralized Domain Name Server (DNS) project, Handshake, recently patched a bug that could have inflated the supply of HNS coins.

When it existed in Handshake’s code, the bug was never exploited and no user funds or domain data were compromised, Handshake’s developers wrote in a post.

“A flaw was discovered in the Handshake protocol that could unintentionally increase the total HNS coin supply beyond its designed limits," according to the post. "A user with a reserved name claim could have accidentally generated small amounts of extra HNS by modifying their wallet. In the worst-case scenario, a malicious miner could generate nearly unlimited extra HNS in every block. The bug was never exploited and is now fixed.” 

The team advises miners and node operators to update to the newest version ASAP.

Handshake is a decentralized domain name service wherein users can purchase Handshake names, an alternative to the DNS identifiers traditionally used for accessing websites (Handshake users pay for these in HNS token). Per the blog post, the bug would have given users who have claimed Handshake names the ability to accidentally print extra HNS tokens.

Handshake inflation bug

Matthew Zipkin, former developer at BitGo and a contributor to Bcoin, alerted the team of the vulnerability on March 24. From here, Handshake developer (and Lightning Network architect) Joseph Poon and fellow Handshake dev Christopher Jeffrey coded fixes that were rolled out to HNS mining pools first.

The team approached miners like F2Pool and Poolin first because the bug required overhauling Handshake’s code, according to the post. 

“This flaw is not just an implementation bug that could be fixed with a software patch. It is a problem with the design of the Handshake protocol and so it affects every user and all full nodes. The only way to fix this kind of issue is with a soft fork, which adds new rules to the protocol and is enforced by miners," the team said.

“Soft forks” are blockchain upgrades where new versions of a software are made compatible with older versions and, as the post admits, they typically occur with total community involvement. Handshake’s team executed this emergency soft fork because “the flaw could not be disclosed until the new protocol rules were in place and enforced by as much hashrate as possible,” the team said in the post.

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information have been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.