DragonX/hush3
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8a0eb7769217ed1e9472018359e718d07fd6e27a
hush3/doc/CHANGELOG-randomx-validation.md
dan_s 8a0eb77692 Fix RandomX validation exploit with difficulty reset, improve build system 
- One-time difficulty reset to minimum for 17 blocks at activation height
- Separate RandomX build dirs for linux/win64 cross-compilation
- Add build target tracking to auto-clean on target switch
- Automated win64 release packaging to release-win64/
- Add build artifacts to .gitignore
- Miner memory diagnostics and large-page dataset fallback
2026-02-19 22:07:38 -06:00

96 lines
4.8 KiB
Markdown
Raw Blame History

# Changelog: RandomX Validation Bug Fix
## Summary
Fixes a critical exploit allowing miners on RandomX-based Hush Arrakis Chains (HACs) to bypass RandomX proof-of-work validation entirely. Adds proper RandomX solution verification to the block validation pipeline, fixes the miner's RandomX input construction, and introduces per-chain activation heights.
## Bug Description
Three issues combined to allow the bypass:
1. `CheckEquihashSolution()` returned `true` immediately for non-Equihash chains, never verifying the RandomX solution stored in `nSolution`.
2. `CheckProofOfWork()` checked the standard SHA-256d `GetHash()` against the difficulty target instead of a RandomX hash, allowing miners to brute-force the cheap hash.
3. The miner passed `&randomxInput, sizeof randomxInput` (the address and size of a `CDataStream` struct) to `randomx_calculate_hash()` instead of the actual serialized data, producing non-deterministic hashes.
A malicious miner could put arbitrary bytes in `nSolution`, iterate nonces until the standard header hash met the target, and the block would pass all validation — completely bypassing RandomX CPU-hardness.
## Changes
### `src/primitives/block.h`
- Added `CRandomXInput` class (modeled after `CEquihashInput`) that serializes the block header **including `nNonce`** but **excluding `nSolution`**, providing deterministic and reproducible input for RandomX hashing.
### `src/hush_globals.h`
- Added `int32_t ASSETCHAINS_RANDOMX_VALIDATION = -1` global variable to hold the per-chain activation height (`-1` = disabled).
### `src/hush_defs.h`
- Added `extern int32_t ASSETCHAINS_RANDOMX_VALIDATION` declaration.
### `src/pow.h`
- Added declaration for `bool CheckRandomXSolution(const CBlockHeader *pblock, int32_t height)`.
- Added declarations for `int GetRandomXInterval()` and `int GetRandomXBlockLag()` (moved from `miner.cpp`).
### `src/pow.cpp`
- Added `#include "RandomX/src/randomx.h"` and `#include <mutex>`.
- Moved `GetRandomXInterval()` and `GetRandomXBlockLag()` definitions here from `miner.cpp` so they are accessible from both the miner and the validator.
- Implemented `CheckRandomXSolution()`:
- Returns `true` immediately for non-RandomX chains, pre-activation heights, and when `HUSH_LOADINGBLOCKS != 0`.
- Validates `nSolution` is exactly `RANDOMX_HASH_SIZE` (32) bytes.
- Derives the correct RandomX key for the given height (initial key from chain params, or block-hash key after rotation interval).
- Serializes the block header via `CRandomXInput` into a `CDataStream`.
- Calls `randomx_calculate_hash()` with the correct data pointer (`&ss[0]`) and size (`ss.size()`).
- Compares the computed hash against `pblock->nSolution`.
- Caches the RandomX VM and cache between calls (protected by mutex), re-initializing only when the key changes.
### `src/main.cpp`
- In `CheckBlockHeader()`: added `CheckRandomXSolution()` call inside the `fCheckPOW` block, after the existing `CheckEquihashSolution()` call. Invalid RandomX solutions are rejected with `DoS(100)`.
### `src/hush_bitcoind.h`
- Added `#include "pow.h"`.
- In `hush_checkPOW()`: added `CheckRandomXSolution()` call after the existing `CheckEquihashSolution()` call.
### `src/miner.cpp`
- Changed `GetRandomXInterval()` and `GetRandomXBlockLag()` from inline definitions to forward declarations (definitions moved to `pow.cpp`).
- Fixed RandomX input construction in `RandomXMiner()`:
- Uses `CRandomXInput` to serialize the block header without `nSolution` (instead of serializing the entire block).
- Passes `&randomxInput[0], randomxInput.size()` to `randomx_calculate_hash()` (instead of `&randomxInput, sizeof randomxInput`).
- Added `SetSkipRandomXValidation(true/false)` around `TestBlockValidity()` to avoid double-validation OOM.
- Added null-checks before `randomx_destroy_vm()` to prevent double-free crashes.
### `src/hush_utils.h`
- After `ASSETCHAINS_ALGO` and `SMART_CHAIN_SYMBOL` are set during chain initialization, sets `ASSETCHAINS_RANDOMX_VALIDATION` per chain:
- `DRAGONX`: `1` (TBD: set to coordinated upgrade height)
- `TUMIN`: `1` (TBD: set to coordinated upgrade height)
- All other RandomX HACs: `1` (enforced from height 1)
- Non-RandomX chains: remains `-1` (disabled)
## Activation Heights
| Chain | Height | Notes |
|-------|--------|-------|
| DRAGONX | TBD | Existing chain, needs coordinated upgrade |
| TUMIN | TBD | Existing chain, needs coordinated upgrade |
| All other RandomX HACs | 1 | Enforced from genesis+1 |
## Files Modified
| File | Lines Added | Lines Removed |
|------|-------------|---------------|
| `src/primitives/block.h` | ~20 | 0 |
| `src/hush_globals.h` | 1 | 0 |
| `src/hush_defs.h` | 1 | 0 |
| `src/pow.h` | 9 | 0 |
| `src/pow.cpp` | ~105 | 0 |
| `src/main.cpp` | 2 | 0 |
| `src/hush_bitcoind.h` | 6 | 0 |
| `src/miner.cpp` | 5 | 5 |
| `src/hush_utils.h` | 10 | 0 |
Reference in New Issue View Git Blame Copy Permalink