Dev Update - Neptune Cash

1. Last Week by the Numbers

neptune-core

• Issues: 2 raised, 2 closed
• Pull Requests: 1 merged
• Commits: 8 merged into master

triton-vm

• Issues: 1 raised

2. Stand-up Summary

Alan Szepieniec

• Last Week: Coordinated with team members regarding the upcoming fork specifications.
• Coming Week: Reviewing PRs; implementing miner timing information (block proposal production time); developing and testing a protocol vulnerability patch; verifying historical blocks against new validation rules.

Thorkil Værge

• Last Week: Finalized the hard fork PR and performed a security review of the new mobile wallet.
• Coming Week: Investigating reported block validation issues; collaborating with Alan on refinement of the guessing algorithm logic; exploring new succinct address formats.

Softly

• Last Week: Managed L2 code deployment and scheduled marketing outreach; coordinated with security analysts regarding protocol integrity.
• Coming Week: Launching private testnet; coordinating media appearances for upcoming shows; managing simultaneous patch deployment with mining pools.

3. Technical Discussion

Hard Fork & Lustration Barrier

The hard fork is officially scheduled for activation at block 38,000. Key technical changes include:

• Lustration Barrier: A mandatory barrier for old UTXOs. Users must explicitly set anaccept lustration flag to spend UTXOs generated prior to the fork.
• Algorithm Adjustments: Removal of memory hardness from the guessing algorithm and pegging the power threshold directly to block difficulty.

Protocol Integrity

A non-cryptographic vulnerability was identified in the block validation logic. While difficult to exploit, the fix involves a single-line update to the block_is_valid function and the introduction of a specific error code. The team is coordinating a patch strategy to minimize the risk window, ensuring mining pools upgrade prior to a public disclosure. Moreover, any exploit will leave traces; and the team will scan historical blocks and will be able to determine with certainty whether the vulnerability has been exploited.

The core team would like to express their gratitude to AllFather Team for finding the issue and responsibly disclosing it. For their effort and good will, AllFather Team has earned a 25’000 NPT bounty.

EDIT: The historical scan has been completed. The vulnerability was never exploited. Update your node to master to ensure you do not fall prey to malicious blocks in case an attacker exploits this attack vector going forward. Version 0.9.0 will be released soon. The bounty has been transferred.

Mobile Wallet Security

The Android mobile wallet review highlighted the advantages of OS-level sandboxing. By not persisting state locally and fetching necessary data via the UTXO index, the wallet maintains a “stateless” profile that significantly reduces the attack surface on mobile devices.

4. Updates and Announcements

• L2 Deployment: L2 code has been successfully uploaded; private testnet activation is targeted for early this week.
• Network Security: Mining pools are being contacted for a coordinated node upgrade to address the recent validation patch.

Great stuff, I’m always looking forward to these updates.

Could you share a bit more about the L2 deployment? Is it some layer-2 protocol built on top of Neptune Cash, or something else? This is the first time I’ve heard this mentioned.

The L2 (currently in testnet) is an X NT development as well as coordinating for upcoming shows with the L2 and the coordination with mining pools to hotfix both chains.

There can sometimes be a bit of confusion given the two stores of value and perceived notion by some in telegram that there is an adversarial relationship between them.

Hoping we can move past that phase soon. The actual relationship is one of collaboration between NPT and X NT, the same as it was when there was just the one store of value.

In simpler terms, both groups have saved each other’s asses, may again in the future, and both groups continue to share significant developments and contributions.

imho, now would be an ideal time for that to be seen for what it really is,which is a bunch of people helping each other despite having different views on emissions.

Thats all XNT Neptune Privacys work, NPT doesnt have anything to do with the work on the L2 or the marketing campaigns. That’s all on XNT. Not sure why they chose to not make that clear in their summary. Seems a bit dishonest.