Report Author: Toufeeq
Execution Details: Changes have been applied at block #1,443,438
Technical Committee Consensus: 5/7 signers https://avail.subscan.io/tech/32?tab=proposal
Introduction
This document provides transparency on executed network changes. A vulnerability was identified in Plonky3, an external dependency of the sp1-sdk, which has since been addressed in sp1-sdk version 5.0.0. You can learn more about the vulnerability here.
The Technical Committee (TC) has approved and executed the emergency proposal to perform a runtime upgrade of the network, along with updating the SP1 verification key. After assessing their effectiveness, impact, execution feasibility, and security implications, the TC reached a 5/7 majority consensus to proceed with the upgrade.
Executed Changes
The emergency proposal included two key changes:
-
Runtime upgrade to use sp1-sdk v5.0.0 in pallet_vector (Bridge)
-
Update the SP1 verification key
Code Modifications
For those interested, you can review the necessary code modifications in the following PR:
If you need further details or have any concerns, please feel free to leave a comment.
Thank you.