# Juno Network Security Patch - 28-03-2024 Today March 28, 2024 a critical vulnerability with potential loss of fund has been found. A non-state-breaking patch is ready to be applied as soon as possible by validators. ## Method A) Swap binary Binary URL (x86_64): `https://security.junonetwork.io/v21.0.1/junod` Binary HASH: `ec9d624cdac5a57c2c9837ea3949fb043825085fb568f482efe146affbbbf6c2 ./junod` example instructions ```bash # Stop Node sudo service junod stop mv ~/go/bin/junod ~/go/bin/junod-v21.0.0 # download binary wget -O ~/go/bin/junod https://security.junonetwork.io/v21.0.1/junod chmod +x ~/go/bin/junod # Verify Hash sha256sum ~/go/bin/junod # MUST return ec9d624cdac5a57c2c9837ea3949fb043825085fb568f482efe146affbbbf6c2 sudo service junod start ``` ## Method B) Build the code yourself Code is currently private in this repository https://github.com/kintsugi-tech/juno We can share access to at maximum 1 trusted person for each validator. Since the severity of the patch we kindly ask to not share it with anyone unless it's extremely needed. Once you get access to the repository, simply clone it and build the code yourself. Restart the validator once done. ## How to verify you are patched Junod version should be v21.0.1 ``` ~$ junod version v21.0.1 ``` ibc-go should be replaced ``` $ junod version --long | grep ibc-go - github.com/cosmos/ibc-go/modules/light-clients/08-wasm@v0.1.1-0.20231213092633-b306e7a706e1 - github.com/cosmos/ibc-go/v7@v7.3.1 => ./ibc-go@(devel) ``` ## Next Steps When the patch will be released to the everyone, we'll cut the same release on juno main repository. Please notify @dimi and @JakeHartnell when you have patched your validator