Incognito chain’s code upgrade (tag: 20220117_1)

Hi Incognito validators,

We’ve just released a protocol code update for Polygon bridge. This is a mandatory update; the latest code is published in 2 forms:

If you run pNodes or set up your vNodes by following our instructions, they should pull the latest docker image automatically. In case you encounter any issues with the code update, feel free to contact @support for assistance.

Thanks!

4 Likes

Cheers @duc all updated already. Although the automatic docker pull update is very convenient, you should redesign this. Updating the whole network with a docker tag push is a serious security problem. I am assuming fixed nodes do not update like this today, which would prevent a bad actor from taking over the network. Once the community validated nodes have a majority, these updates have to be staggered in a more secure way.

Fullnodes, vNodes and fixed nodes operated by the core team do not automatically update; we do it manually to make sure a new update doesn’t bring all nodes down.
It’s up to node operators to choose a secure and convenient method themselves. For example, those who have highly technical skills, like @adrian, who manages his nodes with a k8s cluster if I recall rightly, didn’t set up an auto-update method because of security concerns, while others would prefer a less secure but more convenient method with an auto-update script.

Also, although it’s not quite relevant, it’s worth mentioning that the team was working on a new way of updating the protocol. It’s quite similar to the way the Bitcoin network adopts a new protocol update: it requires a threshold number of validators in the whole network to be running the new code before a new protocol is applied.

5 Likes

Fair enough. I will change my scripts to update on an irregular basis instead of polling whenever there is a new tag. :blush:

Maybe the official Incognito node script could wait +x days after a tag has been published? That would give Incognito time to react to a breach or non-working version pushed by mistake.

1 Like
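The "wait +x days" idea from the post above, as an added example (not the official node script and not code from the Incognito team). The function name `update_gate`, the state file and the sample digests are assumptions; the cool-down clock starts when this node first sees a digest, so it does not depend on timestamps supplied by the registry or the publisher.

```shell
#!/bin/sh
# Added example: cool-down gate for image auto-updates (hypothetical helper).
# update_gate RUNNING_DIGEST CANDIDATE_DIGEST NOW_EPOCH MIN_DAYS STATE_FILE
# Prints one of: current | hold | update
# Digests are supplied by the caller, for example from
#   docker image inspect --format '{{index .RepoDigests 0}}' <image>
update_gate() {
    running=$1; candidate=$2; now=$3; min_days=$4; state=$5

    # Nothing to do when the node already runs the candidate image.
    if [ "$candidate" = "$running" ]; then echo current; return 0; fi

    # Fail closed on anything that is not a content digest: a mutable
    # tag name can be re-pointed at a different image at any time.
    case "$candidate" in
        *sha256:*) ;;
        *) echo hold; return 0 ;;
    esac

    # Look up when this exact digest was first observed by this node.
    first_seen=""
    if [ -f "$state" ]; then
        first_seen=$(awk -v d="$candidate" '$1 == d { print $2; exit }' "$state")
    fi

    case "$first_seen" in
        "")
            # New digest: record it and start its own cool-down clock.
            # A tag re-pushed during the wait therefore starts again.
            printf '%s %s\n' "$candidate" "$now" >> "$state"
            echo hold; return 0 ;;
        *[!0-9]*)
            # Corrupted state entry: keep holding rather than guess.
            echo hold; return 0 ;;
    esac

    # Release the update only after the full cool-down has elapsed.
    if [ $(( now - first_seen )) -ge $(( min_days * 86400 )) ]; then
        echo update
    else
        echo hold
    fi
}
```

A periodic job would call it with `$(date +%s)` as the current time and deploy the candidate digest (not the tag) only when it prints `update`.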

What is the policy on protocol-breaking changes? How many days (epochs) ahead of a change do you publish the release?

If I go back through the previous posts, it’s almost always noted as “a mandatory update”. I am wondering how far behind the “HEAD” tag I can keep my nodes running?

1 Like

@fredlee @duc To address the security issue, can we not increase the check interval in the current inc_node_installer.sh script to be a specific number of days? What is the largest number of seconds I can enter into the “check interval” variable? Also, just to make sure I understand the script, can one disable the check interval with a value of “0” to force manual updates?