In all versions before v6.0 there is a flaw in the counterpartyd parsing code which incorrectly identifies the ‘source’ of Counterparty transactions with multi-sig inputs. I just pushed a commit to GitHub that fixes this issue, and invalidates transactions that would have exploited this problem (and rolled XCP balances back). So we’re at v6.0 now. Please upgrade. (The client will force you to.)
Thank you, busoni and the person that discovered and reported this vulnerability.
Super quick fix - keep up the great work!
Wow, that was close !
Impressive reaction time.
Man… This is pretty cute.
I continue to be impressed with the Counterparty’s team speed and execution. Nice work.
I think we need to notify everyone that we’ve upgraded to v6.1 as of Feb 22, 2014