NNS Update Jan 23, 2024: NNS root security hotfix

We are following the procedure described in NNS proposal 48792, Security Patch Policy and Procedure. More information about what is being released will be posted here shortly after the NNS upgrade proposal has been executed and verified.

1 Like

TL;DR: A hotfix for the NNS root canister was released in proposal 127154 (the “current” proposal) less than an hour ago. The code has been published retroactively in branch hotfix-FOLLOW-1237-limit-calls-from-root-to-management-canister-mr-16920, and can be verified in the usual way.

The Security Patch Policy and Procedure adopted in NNS motion proposal (48792) is being followed.

The security issue here: Using the NNS root canister’s canister_status method, it used to be possible to clog communication between the NNS root canister and the management canister. This could have been used to cause an outage of the NNS.

The change/remedy: Cap the number of calls from root to management that can be triggered by the canister_status method to an experimentally found safe value.

Publishing the Code

Yesterday, NNS root was upgraded using the standard NNS release procedure. Specifically, NNS root was built from publicly available sources in commit e7c7105 (Friday, 2024-01-19 at 4:13 PM UTC) and upgraded in earlier proposal 127101.

From that commit, branch hotfix-FOLLOW-1237-limit-calls-from-root-to-management-canister-mr-16920 was created, and the fix was added into that branch in commit 80261cb.

Shortly after those changes were deployed in the current proposal, the branch was configured to be mirrored to GitHub so that it can now be verified by the public.

The hotfix can be verified in the usual way. Instructions can be found in the current proposal itself.


Per our usual practice, a copy n’ paste of the proposal is provided here inline:

## Proposal to Upgrade the Root Canister
### Proposer: DFINITY Foundation
### Git Hash: 80261cb2fdf2e0b49c81040b97a7cac2dfec2251
### New Wasm Hash: 25af9548c5594dc95ba48e6140f4eaa0b59ef0c51ba939a73b1da160bed450ae
### Target canister: r7inp-6aaaa-aaaaa-aaabq-cai

## Features

Security hotfix.

We are following the [Security Patch Policy and Procedure adopted in NNS motion proposal (48792)][hotfix-procedure].

[hotfix-procedure]: https://dashboard.internetcomputer.org/proposal/48792

## Wasm Verification

Per the standard Security Patch Policy and Procedure, the code will be published not long after this
proposal is executed. Once the code is published, this proposal can be verified in the usual way.

git fetch
git checkout 80261cb2fdf2e0b49c81040b97a7cac2dfec2251
./gitlab-ci/container/build-ic.sh -c
sha256sum ./artifacts/canisters/root-canister.wasm.gz

## Current Version
- Current Git Hash: e7c7105a54fdf43892c46b5560d5dbee687dcba0
- Current Wasm Hash: 0d3177bff3cc781be6e85c854a7c128670ef04f2fe75dd570ed376cfcc5bfd1e