Moderate severity · NVD Advisory · Published Nov 25, 2020 · Updated Aug 4, 2024
Erroneous Proof of Work calculation in geth
CVE-2020-26240
Description
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners; non-mining nodes are unaffected. It is fixed as of 1.9.24.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/ethereum/go-ethereum (Go) | < 1.9.24 | 1.9.24 |
Affected products
- Range: < 1.9.24
Patches
- d990df909d78 consensus/ethash: use 64bit indexes for the DAG generation (#21793)
1 file changed · +5 −5
consensus/ethash/algorithm.go+5 −5 modified@@ -304,16 +304,16 @@ func generateDataset(dest []uint32, epoch uint64, cache []uint32) { keccak512 := makeHasher(sha3.NewLegacyKeccak512()) // Calculate the data segment this thread should generate - batch := uint32((size + hashBytes*uint64(threads) - 1) / (hashBytes * uint64(threads))) - first := uint32(id) * batch + batch := (size + hashBytes*uint64(threads) - 1) / (hashBytes * uint64(threads)) + first := uint64(id) * batch limit := first + batch - if limit > uint32(size/hashBytes) { - limit = uint32(size / hashBytes) + if limit > size/hashBytes { + limit = size / hashBytes } // Calculate the dataset segment percent := size / hashBytes / 100 for index := first; index < limit; index++ { - item := generateDatasetItem(cache, index, keccak512) + item := generateDatasetItem(cache, uint32(index), keccak512) if swapped { swap(item) }
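Review bot: the cast in `item := generateDatasetItem(cache, uint32(index), keccak512)` narrows the loop index back to 32 bits now that `first`, `limit` and `index` are uint64, and nothing in the hunk states why that is safe. The index is bounded by `size / hashBytes`, so please add a comment (or a check before the loop) recording that this quotient must fit in a uint32; otherwise further dataset growth would truncate the item index silently rather than fail. The change is also +5 −5 in a single file with no test: a regression test that runs the segment computation (`batch`, `first`, `limit`) with a dataset size large enough to overflow the old uint32 arithmetic would keep the 32-bit variant from coming back.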
References
- github.com/advisories/GHSA-v592-xf75-856p (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2020-26240 (ghsa, ADVISORY)
- blog.ethereum.org/2020/11/12/geth_security_release (ghsa, WEB)
- blog.ethereum.org/2020/11/12/geth_security_release/ (mitre, x_refsource_MISC)
- github.com/ethereum/go-ethereum/commit/d990df909d7839640143344e79356754384dcdd0 (ghsa, x_refsource_MISC, WEB)
- github.com/ethereum/go-ethereum/pull/21793 (ghsa, x_refsource_MISC, WEB)
- github.com/ethereum/go-ethereum/security/advisories/GHSA-v592-xf75-856p (ghsa, x_refsource_CONFIRM, WEB)