Luna Classic v3.6.1 Upgrade Finished: Why It Matters, Explained for Beginners
The Luna Classic network has successfully completed the v3.6.1 upgrade under the chain upgrade name v13_1. This release focuses on resolving critical security vulnerabilities and improving network stability rather than introducing new features.
The sections below explain the most important issues fixed in this upgrade and why they matter for the Luna Classic ecosystem.
1. Critical CometBFT Network Halt Vulnerability
| Aspect | Explanation |
|---|---|
| Issue Identified | A serious security issue was found in CometBFT related to incorrect handling of BitArray data used in node to node communication |
| Root Cause | Nodes could receive malformed BitArray messages with inconsistent internal values |
| Validation Problem | Invalid messages were shared with other nodes before being fully validated |
| Node Impact | When nodes attempted to process the malformed data, they could crash or enter an invalid state |
| Network Risk | A single malicious actor could potentially trigger a cascading failure across the entire network |
| Worst Case Outcome | The network could experience a complete halt |
| Fix Applied | CometBFT was upgraded from version 0.37.15 to 0.37.16 |
| Result | Strict validation ensures invalid BitArray messages are rejected before propagation |
This fix removes a high risk denial of service vulnerability at the consensus level and protects the network from chain wide instability.
2. Oracle Transaction Gas Limit Denial of Service Risk
| Aspect | Explanation |
|---|---|
| Oracle Transaction Rules | Oracle transactions are free and prioritized ahead of user transactions |
| Access Control | Only bonded validators can submit oracle transactions |
| Validator Set Status | The validator set is currently not full |
| Attack Cost | It was cheap for an attacker to become a validator |
| Attack Method | A malicious validator could submit an oracle transaction with a gas limit equal to the block gas limit |
| Block Impact | A single transaction could consume all block capacity |
| Transaction Exclusion | User transactions and legitimate oracle votes could be blocked |
| Coordinated Risk | Multiple attackers could manipulate oracle prices by excluding honest validator votes |
| Chain Condition | The chain would continue producing blocks while becoming effectively unusable |
| Fix Applied | Oracle transactions are prevented from monopolizing block gas |
| Result | Fair block space usage and oracle price integrity are protected |
These protections ensure that oracle pricing remains reliable and that normal user transactions can continue without disruption.
3. Legacy Smart Contract Query Protection
| Aspect | Explanation |
|---|---|
| Contract Type | Some older Terra smart contracts rely on legacy query formats |
| Previous Risk | Oversized query requests could degrade node performance |
| Protection Added | A size limit of sixty four kilobytes is enforced for WASM queries |
| DoS Prevention | Oversized queries are rejected early |
| Compatibility Handling | Legacy queries are translated into the modern TerraQuery format |
| Result | Backward compatibility is preserved without compromising network security |
This change allows older contracts to remain functional while preventing query based denial of service attacks.
4. Overall Impact of the v3.6.1 Upgrade
| Area | Outcome |
|---|---|
| Consensus Security | Fixes a critical vulnerability that could halt the network |
| Oracle System | Removes a near zero cost oracle based denial of service attack vector |
| Smart Contracts | Strengthens protection against query based abuse |
| Ecosystem Benefits | Validators, users, and applications gain improved stability and security |
| Long Term Effect | The network is better prepared for long term operation and ecosystem growth |
Why This Upgrade Is Important
The Luna Classic v3.6.1 upgrade addresses multiple high impact risks that could have disrupted the network without warning. By resolving consensus level vulnerabilities, securing oracle transaction processing, and protecting smart contract queries, the network is now more stable and resilient.
This upgrade strengthens trust in the Luna Classic infrastructure and provides a safer foundation for validators, developers, and users as the ecosystem continues to grow.
