The Merkle

Dash Developers Disable InstantSend on the Network

Dash’s developers recently had to intervene in a significant way. A major exploit method was discovered with the help of the community. This exploit was found within the InstantSend implementation. As a result, the InstantSend feature has been temporarily suspended until a new client is released in the coming days. It is a very unusual turn of events, especially considering how developers can turn network features on and off without issues.

InstantSend Disabled by the Dash Developers

It is the first time we have seen the Dash developers intervene in a major way to protect the network. The issue discovered by the developers and community made the only option a drastic one. Although disabling such a major part of the Dash network is never a fun outcome, having an exploit waiting to be leveraged is never a good idea. This particular exploit could have had major consequences for the network as a whole if left unchecked.

According to the Dash forum, this particular exploit would have allowed an attacker with 6 or more Masternodes to dominate an InstantSend quorum. They could have brute forced collateral transaction hashes to increase their chances of getting selected for an InstantSend quorum. Anyone who partook in this quorum could have received the ability to perform a double spend or even a network fork. It is important to note such an attack has never been executed, but preventing these issues is always better than fixing them later.

Granted, the economic requirements for such an attack are not insignificant by any means. An attacker would have needed at least US$2.1 million in Dash to successfully pull off this exploit, although that could have been worth it to the right individual. For the time being, InstantSend will remain disabled until a fix is deployed on the network. That fix will come in the form of the Dash 112.2 release, which is already completed and ready for release in the next few weeks.

The developers could have solved this problem through a hotfix, but they deliberately decided not to pursue that avenue. A hotfix would have potentially disrupted the network, which would have created a whole new set of problems. This means Dash users will not be able to use the InstantSend feature for quite some time, which may cause some friction among community members. All InstantSend transactions made before the 12.2 release will revert to regular transaction times, while still being charged the InstantSend fee.

We commend the Dash developers on successfully identifying this issue with the help of community members and ensuring this exploit could not be leveraged by criminals. Catching such issues at a very early stage is of the utmost importance; otherwise, the network would have been placed in serious jeopardy as a result.  There will always be people who feel this type of measure is a problem, as it shows the Dash developers have a lot of control over one of the network’s primary features in providing anonymity. Then again, that proved to be a positive aspect in this particular case.

Cryptocurrency technology is not free from exploits and potentially disastrous issues. The Dash team successfully avoided a major crisis, although their course of action could raise some questions from other communities. It does not affect Masternode functionality in general, though, as they are still an integral part of the Dash ecosystem as a whole.  The wait begins for the 12.2 release client which will address these problems once and for all.