Lisk Core Security Fix, Paper Wallet & iMessage Extension

Hi Liskers,

Another fortnight has passed and Lightcurve development teams have a number of updates to share with the Lisk community. Lisk Core 1.5.0’s release was pushed back due to a critical patch release, which addressed a security vulnerability discovered on the Mainnet. Lisk Elements 2.1.0’s alpha release continues the integration of its libraries into Lisk Core. Work began on Lisk Commander 2.2.0 which will bring new node management functionalities to our CLI. New Lisk Hub 1.10.0 brings elements of new design as well as an option to print out a Lisk paper wallet. Lastly, Lisk Mobile 0.10.0 delivers the iMessage extension for iOS and 3D Touch options for all users. Want to know more? Read on.

Lisk Core

Attention node operators: 1.4.1 includes an important security fix. Please update your nodes.

1.4.1 was released to both Testnet and Mainnet this afternoon. During our work on the implementation of Lisk Core 1.5.0, we discovered a security vulnerability that required an immediate fix.

It is important to note that the vulnerability was not exploited and a significant number of active node operators have updated to Lisk Core 1.4.1 at the time of publishing this blog post. We urge all remaining node maintainers to upgrade their software to 1.4.1 for Mainnet and 1.4.1-rc.0 for Testnet.

The security vulnerability addressed an issue with processing transaction type 5 also known as “register an application on the blockchain.” We’ve discovered that registering this transaction type with a null byte character (“\u0000”, etc.) in either its description or its tag field was causing a database error while saving the record. This is due to PostgreSQL “utf-8” standard not supporting null byte characters. You can read more about this issue on GitHub.

In order to fix the vulnerability, we have decided to drop the support of text including null byte characters in any text message in all types of transactions (also, including data field of transfer transactions). Please be aware that from 1.4.1 onwards, you will not be able to send transactions including the null byte character in the data field anymore.

We will also update the definition of the transfer transaction data field in our documentation’s transactions page segment “this data field has a maximum length of 64 bytes and can be used to append messages to the transactions” to reflect this change precisely.

1.5.0 is undergoing further Quality Assurance.

As part of the QA process, we were able to spot a number of regressionsconnected with implementing an extensible data persistence model which is a prerequisite requirement for moving forward with LIP-0005 (learn more about Lisk Improvement Proposals). One of the regressions is still in the final development process. This is because Lisk Core 1.5.0 changes led to a significant drop in performance of queries performed on the transactions table with the large offset value.

We classified the problem as a non-blocker but still decided to tackle it as part of Lisk Core 1.5.0 in order to maintain high performance and quality across our product suite. Stay tuned for the next Dev Update where we discuss the solution implemented to mitigate this API performance problem.

1.6.0’s new architecture has already been implemented.

1.6.0’s biggest challenge has already been completed. We managed to migrate the Lisk Modular repository into Lisk Core and adjust the folder structure that fits into the designed architecture. More details can be found in the GitHub pull request #2814.

Details of the work in progress can be tracked on the parent issue on GitHub.We created it for you to easily reference all of the work being done for this milestone.

1.7.0 continues the integration of Elements into Core.

Work on the LIP-0006 “transaction processing efficiency” objective started by integrating the transactions package from Lisk Elements into Lisk Core, which is already modularized due to the work done on Core 1.6.0 described in the section above. We divided the milestone into separate tasks, which can be completed independently to make the review process easier and have clear steps for the development. Firstly, we implemented the schema validation of transactions in Lisk Core using the transactions library from Lisk Elements, described in the section below. Secondly, we implemented an in-memory state manager to fetch and save the account state for processing transactions. We will also introduce lisk-p2p library from Lisk Elements in this version. The parent issue has been created and we have already started working on the first issue, “create new network module.”


Lisk Elements:

2.1.0 alpha release continues the integration of Elements’ libraries into Lisk Core 1.7.0.

2.1.0-alpha.0 is the first alpha version of the new Lisk Elements release. As mentioned in the previous section, we are gradually integrating Elements’ libraries into Lisk Core. The following libraries will now be used in Lisk Core:

  • Transaction extends the functionality for Core to be able to process transactions and lays down the basis of custom transactions for the future SDK
  • Transaction-pool where transactions are held prior to being written to the block
  • P2P lays down the basis for LIP-0004 by creating the initial version of the library that is compatible with the current Core

Throughout the integration with Lisk Core, we intend to find more improvements that need to be done.

After we successfully integrate the transaction and transaction-pool libraries, we will continue with the next objectives on the roadmap, to support LIP-0009 “Mitigate transaction replay on different chains” and upcoming objective named “remove redundant properties in transactions”. Moreover, after the integration of P2P library, we will continue development to implement LIP-0004, also known as “Introduce robust peer selection and banning mechanism”.

Lisk Commander

2.2.0 will bring enhanced node management functionality to Lisk Commander.

2.2.0’s development has already started and will address two roadmap objectives:

In these objectives, we are going to implement various commands to easily manage a Lisk Core node straight from our Command Line Interface. These will include simple functions such as “node:install”, “node:start”, and “node:status”. For example, “node:install” will allow you to install Lisk Core right from your local machine.

Lisk Hub

1.10.0 features new design with simplified registration process and option to create a paper wallet.

1.10.0 was released last week on February 6th with a first glimpse of the new UX/UI that will be rolled out over time. Here is a closer look at the four key changes:

1. Choose your own avatar and passphrase with new registration process

We implemented the improved design of our splash screen, login and registration in issue #1574. The main highlight of the new registration process allows you to choose a custom avatar and passphrase from several options.

Choose avatar

2. Reminder to initialize your account in the dashboard ?

We added a banner to the dashboard as a reminder for those who haven’t to initialize your account in issue #1660. Previously, account initialization was promoted only in the wallet section. Now this banner has been implemented to appear on the dashboard if the current account contains funds and is not yet protected by initialization. This was done in an effort to make sure that all users of Lisk Hub are aware of the importance of initializing your Lisk account.

3. Generate and print a paper wallet from Lisk Hub

Implement paper wallet in registration #1594. Now you can easily backup your passphrase by generating and printing a paper wallet.

Passphrase backup

4. Introduced new top navigation menu with clear icons ??

In issue #1648, we implemented the new top navigation menu and removed the old sidebar. The compact, minimal navigation design maximizes space for the actual content of each page. The basic function of icons in apps is to convey information quickly and that is why we also introduced new menu icons that clearly indicate the function of each page they click to.


1.11.0’s feature development is finished, introducing our new design to the dashboard and wallet.

1.12.0 is currently in progress and presents an extension system for developers.

We’re excited to announce a special feature for developers. We started working on an initial version of an extension system that at the beginning will allow developers to add custom modules to the dashboard, and will help us evaluate the direction of customization of Lisk Hub in relation to the Alpha SDK, so you’ll surely hear more about this in near future.

Lisk Mobile

Lisk Mobile 0.10.0 enables 3D Touch and sending LSK via iMessage on iOS.

0.10.0 was released this week on Monday, February 11. Several new features were released including the 3D Touch shortcuts menu, which appears when you hold down the app icon for an extended period of time. The shortcut allows you to directly open the mobile wallet’s most used pages, such as sending and requesting LSK tokens. 3D Touch is available on both Android and iOS. You can also benefit from our new iMessage extension, which is a feature specific to iOS. To request LSK tokens, it’s as simple as opening iMessage and requesting tokens by sending a message to one your contacts, who then decides whether to accept or reject your request for 1000 LSK tokens ?. Altay, Lightcurve Frontend developer working on Lisk Mobile recently showcased the new extension on our Reddit.

We’ve decided to shift the German localization feature to Lisk Mobile 0.11.0 release in order to be able to provide the most accurate and user-friendly translation.

Thanks for keeping up with the latest developments here at Lightcurve. The next two weeks will see us progress further through various objectives on the roadmap as well as produce multiple releases across our product suite.

Lightcurve Development Team

Lisk empowers individuals to create a more decentralized, efficient and transparent global economy. We welcome you to join us in our mission.


Blockchain application platform