Dear @poa-validators
We recently found a critical bug in BlockReward contract implementation which fortunately never activated.
The bug is in this line of code: https://github.com/poanetwork/poa-network-consensus-contracts/blob/31fa251ab0d299ba7b70f2fd03ceb5fd04ad5950/contracts/RewardByBlock.sol#L71
This line can revert RewardByBlock.reward
system call if the block is produced by a validator which is being removed from the consensus in the same block when the corresponding ballot is being finalized.
At the moment we have two active ballots for removal (Irvin Cardenas and Kristina Yevseyeva) both in Core and Sokol chains. Finalizing those ballots with the current version of BlockReward implementation can activate that bug, so please do not finalize the ballots until the BlockReward contracts are fixed.
We fixed the bug in https://github.com/poanetwork/poa-network-consensus-contracts/pull/209 and deployed the fixed implementations:
For POA Core: https://blockscout.com/poa/core/address/0x1a71a7Dfd947A1D212394ef953099028dBe3d31b/contracts
For POA Sokol: https://blockscout.com/poa/sokol/address/0x13784220cB46932fE8d508F119deE60faAb41A0F/contracts
These implementations only differ from old ones in one line of code. You can compare the code of the new Core implementation with the old/current one, the Sokol implementation - with the old/current one.
Now we need to create a ballot for changing the implementation in Core and Sokol following the instruction:
-
To create a new ballot in POA Core, switch your MetaMask to POA Core chain, then open the page https://voting.poa.network/poa-dapps-voting/new and click
Modify Proxy Contract Ballot
. SetProposed Address
field to 0x1a71a7Dfd947A1D212394ef953099028dBe3d31b andContract Type
toRewardByBlock
. Don’t forget to set ballot’s description and setBallot End time
so that it would be enough to let other validators vote (e.g., 4 days). -
To create a new ballot in POA Sokol, switch your MetaMask to POA Sokol chain, then open the page https://voting.poa.network/poa-dapps-voting/new and click
Modify Proxy Contract Ballot
. SetProposed Address
field to 0x13784220cB46932fE8d508F119deE60faAb41A0F andContract Type
toRewardByBlock
. Don’t forget to set ballot’s description and setBallot End time
so that it would be enough to let other validators vote (e.g., 4 days).
After these two Proxy ballots are finalized, the other ballots for Irvin Cardenas and Kristina Yevseyeva removal will be able to finalize safely.
Another option to safely finalize the current consensus ballots is to ask Irvin Cardenas @irvinxyz and Kristina Yevseyeva @kristina to turn off their nodes. In this case, they will stop producing blocks and that line of code won’t revert when ballot finalization even with the buggy BlockReward implementation.