No Branch/Tag Specified
arm
asyncnotedecryption
danger
dev
dev-aarch64
dev-mac
dev-old-randomx
divzaddrs
dragonx
duke
freebsd
getfilterednotes
hip39
hushutils
insync
jahway603
master
mvstuff
onryo
p2p_privacy
ramhash
relaytx
rx-largepages
setbestchain
warmup
witness_cache
wolfssl
wolfssl_win
z_createrawtransaction
z_importwallet
z_signmessage
v0.11.2.z0
v0.11.2.z1
v0.11.2.z2
v0.11.2.z3
v0.11.2.z4
v0.11.2.z5
v0.11.2.z6
v0.11.2.z7
v0.11.2.z8
v0.11.2.z9
v1.0.0
v1.0.0-beta1
v1.0.0-beta2
v1.0.0-rc1
v1.0.0-rc2
v1.0.0-rc3
v1.0.0-rc4
v1.0.1
v1.0.10
v1.0.10-1
v1.0.11
v1.0.11-rc1
v1.0.12
v1.0.12-rc1
v1.0.13
v1.0.13-rc1
v1.0.13-rc2
v1.0.14
v1.0.14-rc1
v1.0.15
v1.0.15-rc1
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7-1
v1.0.8
v1.0.8-1
v1.0.9
v1.1.0
v1.1.0-rc1
v1.1.1
v1.1.1-rc1
v1.1.1-rc2
v1.1.2
v1.1.2-rc1
v2.0.0
v2.0.0-rc1
v2.0.1
v3.0.0
v3.1.0
v3.1.1
v3.10.0
v3.10.1
v3.10.2
v3.2.0
v3.2.1
v3.2.1-alpha
v3.2.1-beta
v3.2.2
v3.2.3
v3.3.0
v3.3.1
v3.3.2
v3.4.0
v3.4.1
v3.5.0
v3.5.1
v3.5.2
v3.6.0
v3.6.1
v3.6.2
v3.6.3
v3.7.0
v3.7.1
v3.8.0
v3.9.0
v3.9.1
v3.9.2
v3.9.3
v3.9.4
Labels
bounty up to 500 HUSH 2001-5000 bounty
bounty between 2001 and 5000 HUSH 501-2000 bounty
bounty between 501 and 2000 HUSH arm
something doesn't work on arm beginners
for new developers bug
may or may not be a bug build
problems building documentation
not enough information feature
new feature high priority
high priority i2p
related to i2p low priority
low priority medium priority
medium priority question
something is not clear release
release label or issue related to it testing
related to testing tor
related to tor wontfix
this won't be fixed
Apply labels
Clear labels
0-500 bounty
bounty up to 500 HUSH 2001-5000 bounty
bounty between 2001 and 5000 HUSH 501-2000 bounty
bounty between 501 and 2000 HUSH arm
something doesn't work on arm beginners
for new developers bug
may or may not be a bug build
problems building documentation
not enough information feature
new feature high priority
high priority i2p
related to i2p low priority
low priority medium priority
medium priority question
something is not clear release
release label or issue related to it testing
related to testing tor
related to tor wontfix
this won't be fixed
No Label
0-500 bounty
2001-5000 bounty
501-2000 bounty
arm
beginners
bug
build
documentation
feature
high priority
i2p
low priority
medium priority
question
release
testing
tor
wontfix
Milestone
Set milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Assign users
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.
No due date set.
Dependencies
This issue currently doesn't have any dependencies.
Reference in new issue
There is no content yet.
Delete Branch '%!s(MISSING)'
Deleting a branch is permanent. It CANNOT be undone. Continue?
No
Yes
https://git.hush.is/hush/hush3/src/branch/dev/src/hush_globals.h#L349
The index 2 should be index 0, there is no index 2. I still need to spin up a test chain to confirm this bug is what I think and then I will change the index and verify it fixes it.
This bug would not happen on most full nodes but it would happen to solo miners or mining pools that use the
getblocktemplate
RPCI am going to explain this bug in as much detail as I can here, because wow it is a tricky bug. The good news is that even if we didn't see this bug it is a new feature that is not used by anybody ( need @fekt to confirm that ) and so I don't believe it would cause consensus problems, but it's much too close for comfort and very VERY confusing.
When I first realized that index 2 should be index 0 I said to myself "how does this not crash the node? It is doing an out of bound array access." I tested
getblocktemplate
on various blocks and indeed the node does not crash and gives back seemingly valid data. It shows data like this :which seems valid. But it's not, there is an off-by-one error and that scriptpub actually corresponds to the scriptpub of the previous address in the list.
If we had a one dimensional array the out of bounds access might cause a crash or give undefined behavior, but because we have a 2D array index 2 is actually the same as index 0 of the next row in the array. This is described in more detail at https://stackoverflow.com/questions/48219108/multidimensional-array-out-of-bound-access
So the scriptpub is actually correct but the address is not, caused by the off-by-one error of using index 2 instead of index 0.
But the inquisitive mind may ask "What happens if it is a block height which causes it to read index 2 at the very end of the list?" Indeed, I had the same question and on block height 238 of TUSH3 it will look for
DEVTAX_DATA[ 238 % 20 + 1][2]
which isDEVTAX_DATA[19][2]
(the +1 comes fromgetblocktemplate
always showing the data for the next block) and thengetblocktemplate
output showsbecause it attempted to read the index one past the very end of the 2D array.
Fixed on the dev branch. Watch out for nasal demons!