RC-0.9.0: Key Changes to Pocket Network's Protocol

As we’ve crossed the threshold of two-thirds of Pocket nodes upgrading to v0.9.0, and have officially submitted the upgrade transaction and reached the target block height, we can now truly say the network has been upgraded to this important new release. RC-0.9.0 is a release of significance for several reasons: it contains the implementation of PIP-22: Stake-weighted Servicer Rewards, ideas from the community, a more secure and stable mempool, and the first ever security vulnerability formally reported by the community and patched by the Pocket Network Inc. (PNI) Core team. As Pocket Network CTO Luis Correa de Leon put it, “It’s incredible to see a release like this come together and go live on the network - a release that was driven and shaped so strongly by the community’s voice. From watching PIP-22 and PUP-21 take on a life of their own in the forum, to having our community spot items in need of patching, this has been a really special release to be a part of, and we’re excited about the positive impacts it can bring to the network.”  With community collaboration, Pocket Network's protocol keeps getting stronger and stronger.

Changelog

PIP-22: Stake-weighted Servicer Rewards.PIP-22 (Stake-weighted servicer rewards) represents the first consensus breaking change to be totally community driven (by Andy from Liquify), from DAO proposal to implementation. PIP-22 introduces new DAO parameters (as approved by the DAO in PUP-21) that allow nodes to earn a multiplier of the relay reward in proportion to how much POKT they have staked. In other words, node runners are now formally incentivized to stake larger nodes and/or consolidate the nodes that they already have, which will help to significantly control costs across the network.Tendermint Mempool Refinements. The Pocket Core mempool has been refined to only allow transactions in the mempool to exist for 2 blocks, after which they are considered stale and evicted so they won’t get into the block. This creates safety in scenarios where there is a surge of transactions caused by malfunctioning nodes or attacks. It also improves the mempool cache, to protect against transaction replays even if the mempool cache is set to 0.Query accounts per height. As requested by Jorge Cuesta from POKTscan and implemented by the Pocket Core team at PNI, Pocket Core now exposes the `/v1/query/accounts` endpoint which outputs, in a paginated format, a list of all the accounts for any given height. This will allow indexers and other applications to be able to see all the accounts in the blockchain and measure individual account growth over time.Configurable AuthToken Generation. Currently Pocket Core requires an automatically generated auth token for certain RPC endpoints used for process orchestration. This change allows for those tokens to be configurable by the node runner, which enables control over multiple nodes with the same token.

Security Patch

Overservicing Bug (“Chocolate Rain Attack,” as dubbed by reporter). Pocket Core contained a bug in the Claim transaction validation mechanism, which could have allowed nodes to service more work than the apps had paid for, and receive illegitimate servicing rewards by the protocol as a result. Even though Pocket Core had protections for this in the Servicing Layer (the one that submits relays to relay chains and responds to apps), the validation at the transaction level was incomplete. Massive props to PoktBlade (from PoktFund) and Cristopher Ortega (Backend Engineer with Pocket Network) for finding and reporting this issue (which was dubbed “Chocolate Rain” in the submission) via the official email for security disclosures: pocket-core-security@pokt.network. RC-0.9.0 added the missing validation, securing the network from this point forward. Additionally, we’ve paid out a POKT bounty to PoktBlade for their efforts in uncovering and communicating this bug to the Core team.

Next Steps

We will be activating key features of this release in the upcoming week:

• Activate stake-weighted rewards: Monday 8/29
• Shortly after stake-weighted rewards are activated we will set stake-weighted parameters
• Activate non-custodial staking: Wednesday 8/31 (Tentative)

Thank you to our community for all the collaboration with this release!

Want to know more?

🗣 Follow Pocket on Telegram @POKTnetwork💬 Join the Pocket community in Discord🔗 Mint an RPC endpoint for your application👾 View our governance discussions in the Forum