Concordium node version 10.0.8 includes fixes for a number of security issues. In particular, it fixes an issue where a specially-crafted scheduled transfer transaction could result in corrupted account balances. It also improves the handling of network messages to protect against denial-of-service attacks.
Changes
- Treat scheduled transfers where the total transferred amount overflows as invalid.
- Enhance node performance by limiting outbound queue saturation to peers that are slow in processing messages.
- Prohibit peers from sending unsolicited PeerList messages.
- Enhance node performance by limiting inbound queue saturation from peers that send messages aggressively by using backpressure.
- Introduce a background queue for processing messages that don't require the global block state lock.
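The first change above rejects a scheduled transfer whose summed amount overflows. The following Rust sketch is an added example, not Concordium's code, showing that kind of check with overflow-checked addition beside an unchecked sum for contrast. The type names, the 64-bit amount width, the `(time, amount)` release layout and the balance comparison are assumptions made for illustration.

```rust
// Added illustration: names and types are hypothetical, not Concordium's code.
// Assumption: amounts are unsigned 64-bit integers in the smallest currency unit.
type Amount = u64;
/// One release in a schedule: (release time in ms, amount). Assumed layout.
type Release = (u64, Amount);

#[derive(Debug, PartialEq)]
enum ScheduleError {
    Empty,
    TotalOverflow { index: usize },
    InsufficientFunds { total: Amount, balance: Amount },
}

/// Unchecked total: wraps modulo 2^64, so the result can be smaller than a
/// single release. Generic illustration of the bug class, kept for contrast.
fn wrapping_total(schedule: &[Release]) -> Amount {
    schedule.iter().fold(0, |acc: Amount, &(_, a)| acc.wrapping_add(a))
}

/// Checked total: the schedule is invalid as soon as the running sum overflows.
fn checked_total(schedule: &[Release]) -> Result<Amount, ScheduleError> {
    if schedule.is_empty() {
        return Err(ScheduleError::Empty);
    }
    let mut total: Amount = 0;
    for (index, &(_, amount)) in schedule.iter().enumerate() {
        total = total
            .checked_add(amount)
            .ok_or(ScheduleError::TotalOverflow { index })?;
    }
    Ok(total)
}

/// Validate before any balance is modified (assumed rule: total <= balance).
fn validate_transfer(schedule: &[Release], balance: Amount) -> Result<Amount, ScheduleError> {
    let total = checked_total(schedule)?;
    if total > balance {
        return Err(ScheduleError::InsufficientFunds { total, balance });
    }
    Ok(total)
}

fn main() {
    // Constructed sample schedules, not taken from any real transaction.
    let ok: [Release; 2] = [(1_000, 40), (2_000, 60)];
    let bad: [Release; 2] = [(1_000, u64::MAX), (2_000, 101)];
    println!("{:?}", validate_transfer(&ok, 500));
    println!("{:?}, unchecked sum = {}", validate_transfer(&bad, 500), wrapping_total(&bad));
}
```

The overflowing schedule is rejected with the index of the release that pushed the sum past the 64-bit limit, while the unchecked sum of the same schedule wraps to a small value that a later balance comparison would accept.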