EOS EVM v0.5.1 Release Notes
This release fixes a security vulnerability discovered in EOS EVM Contract. EOS EVM RPC has also been updated with an unrelated bug fix.
Components
EOS EVM Contract
Enforce ChainID in transactions
According to EIP-155, a transaction must have a (matched) ChainID for replay protection. However, prior to this release, the ChainID in a transaction was only checked if it was provided.
This release of EOS EVM Contract enforces that the transaction pushed to the EOS EVM includes a valid ChainID. Exceptions are only made for transactions that are internally generated by the EOS EVM Contract itself since there is no concern of replay attacks for such transactions (they do not even contain valid signatures).
EOS EVM Node and RPC
Handle transfers to reserved addresses consistently in EOS EVM RPC
EOS EVM RPC processed transactions involving a transfer from a reserved address differently than the other components which could lead to several trace functions to fail. This release fixes that bug as well.
Building, compatibility, and upgrading
Building
The README in the eos-evm repository contains instructions on how to build the components.
Compatibility and upgrading
The components can be upgraded from the 0.5.0 release.
The EOS EVM Contract is simply upgrading by deploying the WASM and ABI.
EOS EVM Node and EOS EVM RPC binaries can be replaced and relaunched (no replay required). There is also no need to upgrade the EOS EVM Node since the only change to it is the reported version number.
Further details on changes since last release
Contributors
Special thanks to the contributors that submitted patches for this release:
Full list of changes since last release
PRs
Full Changelog: v0.5.0...v0.5.1
