Final Comment Period: CAP-0076
45 views
Skip to first unread message
Justin
Oct 17, 2025, 5:54:27 AMOct 17
to Stellar Developers
Hello Stellar Devs,
CAP-0076: P23 State Archival bug remediation is now in final comment period pending acceptance. You can read the proposal here:
https://github.com/stellar/stellar-protocol/blob/master/core/cap-0076.md
This Core Advancement Proposal addresses a bug in Stellar's state archival feature that was discovered October 9, and quarantined through validator action October 10. The bug, found in Whisk (Protocol 23) which the network upgraded to on September 3, 2025, resulted in outdated entries being archived and then restored incorrectly, producing state that did not match the canonical onchain history.
In addition to reviewing CAP, you can read more about the immediate response to the discovery, the assessment of the bug, the proposed fix, and the timeline of action in this blog post:
https://stellar.org/blog/developers/addressing-state-archival-inconsistencies-protocol-upgrade-vote-next-week
CAP-0076 will remain in final comment period until 1700 UTC, October 22, which is when validators will vote on whether to accept the Protocol 24 upgrade that implements the CAP. If you have questions or comments, please raise them here before then.
Thank you for your attention!
CAP-0076: P23 State Archival bug remediation is now in final comment period pending acceptance. You can read the proposal here:
https://github.com/stellar/stellar-protocol/blob/master/core/cap-0076.md
This Core Advancement Proposal addresses a bug in Stellar's state archival feature that was discovered October 9, and quarantined through validator action October 10. The bug, found in Whisk (Protocol 23) which the network upgraded to on September 3, 2025, resulted in outdated entries being archived and then restored incorrectly, producing state that did not match the canonical onchain history.
In addition to reviewing CAP, you can read more about the immediate response to the discovery, the assessment of the bug, the proposed fix, and the timeline of action in this blog post:
https://stellar.org/blog/developers/addressing-state-archival-inconsistencies-protocol-upgrade-vote-next-week
CAP-0076 will remain in final comment period until 1700 UTC, October 22, which is when validators will vote on whether to accept the Protocol 24 upgrade that implements the CAP. If you have questions or comments, please raise them here before then.
Thank you for your attention!
John
Oct 20, 2025, 9:19:22 PMOct 20
to Stellar Developers
For clarity of documentation, the majority of public information announced about this exploit can be found in this thread. As for the naming chat, I propose we call the interim P24 upgrade "Xanthan" for a niche keto thickening agent. I add just a pinch to harden up an otherwise unstable liquid mixture so that it bakes together just right.
A little community prudence has gone a long way fixing past bugs, which slip through even after exploit research and internal code reviews by an expert who authored this original logic. I hope we can walk away from this incident with a little more humility and deference to community developer conversations. In past meetings, little written preparatory materials and domineering controls make it hard to express live dissent or question methods.
For instance, the related CAP66 and CAP62 discussions were not open-mic for input from developers, being just a single monologue in the latter at ignorance of the wisdom of our impassioned developer community. How may we incentivize and promote more ecosystem involvement above and beyond validator voting, since diverse viewpoints and increased eyes make bugs much more shallow than this? My industry was riddled by fraud because of loopholes introduced during crises, which mimic central viewpoints apparent in TODOs and clear syntax change needs just a couple of days before the proposed hasty upgrade.
In good faith,
John Wooten
For instance, the related CAP66 and CAP62 discussions were not open-mic for input from developers, being just a single monologue in the latter at ignorance of the wisdom of our impassioned developer community. How may we incentivize and promote more ecosystem involvement above and beyond validator voting, since diverse viewpoints and increased eyes make bugs much more shallow than this? My industry was riddled by fraud because of loopholes introduced during crises, which mimic central viewpoints apparent in TODOs and clear syntax change needs just a couple of days before the proposed hasty upgrade.
In good faith,
John Wooten
Reply all
Reply to author
Forward
0 new messages