Stellar Development Foundation
Yesterday, as part of the continued ecosystem-wide effort to test Soroban, a bug was discovered in Stellar Core v20.1.0 that could impact applications and services that use fee bumps for Soroban transactions if or when the Mainnet upgrades to Protocol 20.
At this point, we, the ecosystem — and specifically the validators who run nodes that support the network and participate in governance decisions — have a choice: continue with the Protocol 20 upgrade vote on January 30 as planned or delay the vote to wait for a new Stellar Core release that fixes the bug.
Because this is a bug with limited impact that can be mitigated through adherence to best practices, we, the Stellar Development Foundation in our capacity as a validator, have decided we are comfortable continuing with the Protocol 20 upgrade vote on January 30 as planned.
After thinking through the possibilities, we believe the bug poses a low risk through Phases 0 and 1 of the Soroban rollout because the strict limits on Soroban transactions will cap loss and prevent exploits at scale. We also believe that if applications follow best practices — which you can find in the post below — they can protect themselves from potential harm. And so we intend to arm our nodes for the upgrade as planned.
It is up to other validators to make their own decision. If they decide to vote for the upgrade, then the current timeline will hold. If they decide not to, the network will not upgrade January 30, but we will schedule a new vote when a fix is implemented.
Either way, SDF engineers are already working to resolve the bug, and as soon as a new Stellar Core release is available, we are committed to working with the ecosystem to roll it out across the network and fix the problem entirely.
And while ultimately, it's up to validators to review the situation and decide whether to continue with the vote as planned, we — the Stellar Development Foundation, network validators, and the ecosystem as a whole — could all benefit from some conversation about what to do next. If you have questions, suggestions, or opinions, please share them in the #protocol20 channel of the Stellar Dev Discord.
From us, expect transparency: we promise to share any information with you as soon as we can, and to keep you posted as things develop. From you, we ask for participation: please read through the information below and, especially if you run a validator, let us know what you think.
More on the bug and recommended best practices is below.
To be clear: this bug only affects fee bumped Soroban transactions.
Some background: Stellar supports fee bump transactions, which wrap an internal transaction and pay that transaction's fees. It's a feature used to sponsor fees, often by wallets that want to offer a seamless user experience or by entities that submit many transactions to implement a central fee pool.
Soroban’s multidimensional fee design introduces a “refundable” fee component that can be fully or partially refunded to the transaction submitter if it’s not fully utilized, and the bug lives where that refundable component — which again, only exists in Soroban transactions — and fee bumps overlap.
The fee bump bug causes the fee refund, if it exists, to deviate from expected behavior.
As a result of the bug:
Below are the recommended best practices to mitigate the risks of the fee bump bug if the upgrade to Protocol 20 continues as planned on January 30th.
This section describes best practices for sponsoring transactions, regardless of the existence of this particular bug.
In general, if you use FeeBump transactions in your product or service:
In order to sponsor Soroban transactions, we recommend building the transaction on the sponsorship service and using the Soroban auth framework. The wallet client should only send an operation or contract invocation arguments, as well as the corresponding signed auth payload(s). The sponsoring service runs preflight using the provided invocation and auth, and then signs the full transaction.
There are also a few additional measures you can take to mitigate any potential risks:
Talk to us
We want to hear from you in the #protocol20 channel of the Stellar Dev Discord: