This update was written and provided by Litecoin MimbleWimble lead developer David Burkett.
——–
Audit
Quarkslab has finished their audit of the code! 🚀
I’ll be meeting with them Friday to discuss their findings. After that, they’ll work on releasing
the audit report in a blog post, which I look forward to sharing with you all.
Findings
Since you’ll be able to read the full report once they share their blog post, I won’t dive too
deeply into the findings here. But at a quick glance:
There was one critical issue found that resulted from a mistake while merging the MWEB code &
v0.21.1 code together. So when copying the changes into the latest release code, I missed a small,
but crucial line of validation code that could’ve been exploited by a malicious attacker to cause
serious disruptions to the chain 😳
This tells us…
-
We could really benefit from better functional test coverage around our validation logic to
make sure we would catch similar issues ourselves in future releases. -
We should think about adding some processes we can follow to minimize the possibility of this
happening. That could mean documenting all changes, or having 2 people perform the merge
separately then comparing results, or a change to how we approach the code reviews. -
The audit was a really good idea (thanks Quarkslab!)
There were also some smaller findings, and some great suggestions for how we could improve the
quality and safety of the code. Overall, they were impressed with the code quality, which was
exciting to hear 🥳
v0.21.1 (Taproot) Release
The release process
5 we inherited from bitcoin can be quite painful. It uses gitian 4 to build repeatable and
deterministic binaries from the source code. This means that multiple people can all build the code
on different machines (and even different operating systems) and still get the same exact release
binaries. We can then all compare the results and then sign the release, certifying that we all
agree that the published release is safe & accurate.
There’s a lot of magic involved to make this work, which leads to a time-consuming & often
frustrating experience (especially for n00bs like me). So I really dragged my feet on this one
😬
. I finally forced myself to push through this a few days ago, and after fighting with some
outdated scripts, was able to build all of the binaries successfully. I’ll finish signing these
tomorrow and hand them off for the other developers to repeat the build & verify results.
MWEB Testnet
After lots of promises and then take-backs, I’ve finally decided to release a binary that allows
non-technical users to try out the MWEB testnet. I only have the windows release available right
now, but I’ll work on getting binaries for Mac OS X on Friday. Linux users can build their own,
because I’m tired 😝
Link: MWEB Testnet Release
26
Here’s my gpg
key 8 if you’d like to verify the binaries first (you should). I’ll add instructions on how to
do that on the release page when I have some time.
There’s no installer, because I didn’t want anyone accidentally replacing their actual litecoin
wallet, so to use it:
- Download (and verify) the zip file
- Extract the
litecoin-63fe928e4e8a
folder - Find and run
litecoin-qt.exe
from inside the bin folder
This will default to using the MWEB testnet, which you can tell by the off-colored logo and the
[mwebtest]
in the title bar. These use mwebtest coins, not actual litecoin coins.
So pleeease don’t try to use it with real money.
You’ll either have to mine a block to get mwebtest coins (you can CPU mine a block in no time), or
find someone to give you some. If anyone is willing to setup a faucet, I’ve got a ton of coins you
can have 🙂
Also, if someone feels like writing a guide for how to create stealth addresses, send to and
receive from them, and all of the fun stuff that goes along with it, you’d be my new favorite
person.
Remaining Schedule
You’re pretty much back to just waiting on me again ⏱
while I finish applying audit
suggestions and then pushing through the tedious process of merging, coordinating final reviews,
writing release notes, and finally kicking off the beloved gitian builds. I don’t know exactly how
long that will take, but rumor has it that it increases by a full day for every person that asks me
😜
What a long journey this has been 😅
P.S. https://wenmweb.com 132 is up to date.