github babylonlabs-io/babylon v1.0.1
on GitHub

21 hours ago

Description

v1.0.1 Version of Babylon Genesis Node 🚀

🏗️ Binaries

If you prefer to build from source, use the following commands: 

git clone https://github.com/babylonlabs-io/babylon.git
cd babylon
git checkout v1.0.1
# Only use the below command for mainnet
make build
# Only use the below command for testnet
BABYLON_BUILD_OPTIONS="testnet" make build

Changelog

  • #793 fix: BLS key will be overwritten when the password is not retrieved

Details

A critical security patch is now available for all Babylon node operators. This patch addresses a high-severity issue where the babylond start command may overwrite previously created BLS keys using an empty password. This patch also tightens security rules around password specification for BLS keys. We strongly recommend using secure passwords and storing them in a safe manner.

Issue Summary

Problem: The babylond start command overwrites previously created BLS keys with a new key stored under an empty password.
Severity: High. Previously created BLS key files may be corrupted.
Impact: This issue does not yet affect the chain as validators have not signed up using these keys yet, but it can become serious if not addressed promptly and prior to registration.

Patch Details

Patches the babylond start command issue described above.

Tightens rules around password specification for BLS keys. More specifically, you can specify your BLS password only through only one of:

  • BABYLON_BLS_PASSWORD environment variable
  • --no-bls-password for empty password
  • --bls-password-file for password stored in a file (default was previously bls_password.txt, now it is empty)
  • if none of the above are set, an interactive prompt is presented

Required Action

  1. Install the babylond v1.0.1 version
  2. Backup your BLS and validator keys.
  3. Validate your BLS key to check whether you are affected
  • Run babylond show-bls-key --home $HOME to attempt to decrypt your BLS key. Do so in a secure environment.
  • Enter your BLS key password when prompted. If decryption succeeds, you are unaffected.
  • If decryption fails, you must regenerate your BLS key file.
  1. Regenerate your key (if needed, i.e., above fails)
  • Remove the old file: rm $HOME/config/bls_key.json (keep a backup, just in case).
  • Recreate your key using one of the following commands:
    • babylond create-bls-key --home $HOME (prompts for password, does not store it)
    • babylond create-bls-key --bls-password-file=<path> --home $HOME (prompts for a password, stores it in )
    • babylond create-bls-key --no-bls-password --home $HOME (uses an empty password, not recommended)
    • BABYLON_BLS_PASSWORD=<pass> babylond create-bls-key --home $HOME (uses an environment variable)
  1. Verify by running babylond show-bls-key --home $HOME again

Please address this patch as soon as possible. If you need further assistance or have any questions, feel free to reach out to us directly

🏗️ Binaries

If you prefer to build from source, use the following commands: 

git clone https://github.com/babylonlabs-io/babylon.git
cd babylon
git checkout v1.0.1
# Only use the below command for mainnet
make build
# Only use the below command for testnet
BABYLON_BUILD_OPTIONS="testnet" make build

🐳 Docker Image

Image Description
babylonlabs/babylond:v1.0.1 Mainnet image
babylonlabs/babylond:v1.0.1-testnet Testnet image
Check out latest releases or
releases around babylonlabs-io/babylon v1.0.1

Don't miss a new babylon release

NewReleases is sending notifications on new releases.

Get notifications