Version 1.7.0 of the Chia reference client is now available for download! This release includes some necessary security fixes for which we strongly recommend everyone update their client. Version 1.7.0 also rolls out some UX changes and updated functionality to NFTs and Offers.
1.7.0 also serves as the announcement of an upcoming Soft Fork.
A Soft Fork
The Chia blockchain and ecosystem have grown massively over the last two years, and we’ve seen a lot of neat development and exciting engagement with the tools we have built. With the scaling of any technology and its use cases come the expected growing pains. We’ve identified a few ways to clean up the development ecosystem, which we believe will simultaneously increase the security of assets and technology and provide better guardrails for developers.
A soft fork will occur at block 3630000, roughly 90 days from today. (Note that this fork has nothing to do with the proposal to reduce the plot filter, as outlined in this proposed CHIP).
Below is more context on the changes going live with the Soft Fork.
Announcement on Spend:
We’ve identified some insecure transactions on the blockchain that were created with a custom program different from the reference Chia wallet – these transactions don’t include asserting coin announcements from coins spent in the same transaction – which may be putting their assets at risk with a spend.
What does this mean for me?
This does not impact you if you use a wallet such as the Chia reference wallet or other well-known wallets. This only impacts a very small number of custom-developed wallets that don’t conform to the best practices included in our documentation. If you use a custom wallet that transacts this way, your assets could be at risk when you spend them.
Why are we making this change?
We believe it is in the best interest of the broader network and community to address this. We rely on our documentation and best practices to help guide people away from problematic or potentially insecure development. However, as we still see this in the wild, we felt it was our responsibility to add more robust guardrails for the future. This change will serve to protect developers from making mistakes or errors that could put them or their products at risk.
The technical details
If you are using or developing an alternative wallet, you should consider halting any spends until this soft fork takes effect and/or adding dependencies on announcements of spends between the different coins in transactions. It’s a best practice always to enforce atomicity of all coin spends in a transaction via announcements. Once this soft fork takes effect, it will be risky but possible to enforce atomicity via the aggregation property of signatures, but that requires a lot of care when making multiple possible spends of the same coin.
While this issue and the related fix do not impact the vast majority of users and wallets, there is a small subset of wallets holding assets that have had previous spends, which were susceptible to the problem that this fixes.
Denial of Service Attacks:
We’ve spent a lot of time and energy hardening our network against Denial of Service (DoS) attacks. For example, to protect against CLVM DoS attacks, we charge costs for every operation and memory allocation. This fix simply seeks to limit the amount of potential resource usage by filtering specific CLVM operations which fall outside reasonable limits of memory allocation (read: bad actors acting badly).
What does this mean for me?
You shouldn’t notice anything from the change.
As both stewards and members of the Chia development ecosystem, we’ve approached this decision thoughtfully, with a focus on protecting you and your assets. That said, we believe this change to be necessary.
1.7.0 Security Fixes
While the Soft Fork includes security changes to be implemented upon forking, 1.7.0 also deploys some additional security fixes immediately. These are routine and will follow our standard security comms process with additional context following the release.
Additionally, we’re deploying a fix that was missed on the 1.6.1 patch cycle for the Chia Asset Token bug in Offer file settlements. Users are recommended to upgrade to version 1.7.0 prior to accepting any new offers.
As ever, we appreciate the community raising issues they find – the fix should now be live.
End User Changes
The Fee Estimator will now provide a dynamic fee estimation based on a calculation of available capacity currently in the mempool.
- This tool will only be available while running in farmer mode, as it requires a local full node
Other UX changes include:
- Support for importing wallet keys with 12 word mnemonics.
NFT Search Bar
- The NFT search bar has been integrated into a few places which we think helps usability and visibility for users. You can now use the search bar in gallery view and when creating an offer that is returning NFTs owned by the wallet.
Detail Scrolling View
- Users may now scroll through NFTs while in the detail view like a carousel
- We’ve implemented the ability to select multiple NFTs to perform bulk operations including:
- Transfer to a profile
- Transfer NFT
- Send to burn address
- Show/hide NFTs
- Create offers
- Refresh NFT data
- Allows users who are creating offers for someone’s NFT to notify the wallet owner of the available offer. We expect this change to provide added visibility to Offers on NFTs you own.
- Sending a notification requires a small cost that will be paid to the NFT owner along with an optional fee that will be paid to farmers.
- When an offer is made on your NFT, you will see a notification alert pop up in the new notification center where you can view and accept the offer. There is an option in settings to turn on push notifications so you can be notified when the Chia wallet is minimized.
- After receiving an offer, you can view, counter, or delete any received offer from the incoming list.
For Developers and Creators – RPC and CLI only
- Allow users to make change from a large coin (CLI only)
- Allow users to collect dust and aggregate into a larger coin (CLI only)