Bug in Beam Mimblewimble Wallet Caused UTXO Conflicts, Brief Halt in Blockchain

Colin Muller

The Beam Mimblewimble blockchain, one of two recently released implementations of the Mimblewimble privacy protocol (the other being Grin), briefly ceased to function yesterday (Jan 21). Beam Privacy, the chain’s developer team, have fixed the problem and issued a clutch patch.

The team announced the halt on Twitter only about ten minutes after the chain went down, and launched an investigation.

The blockchain ground to a halt at block 25,709, at 10:13 UTC, and was down for two and a half hours.

(Image: 25709.png; source: Explorer.beam.mw)

Beam developer Valdok explained in the GitHub issue notes that “improper wallet usage” had the effect of triggering “a flaw in the block construction code, which, under rare conditions, generated a wrong commitment to the UTXO state that should be obtained after the block would be interpreted.”

Apparently, cloning wallet files "may [have] lead to the creation of identical UTXOs by different instances of the wallet in different transactions," according to Valdok.

State of the Art

Only days ago, the Beam Privacy team released their first update for the new blockchain, which went live in early January. The new version, version 1.1.4194 “Agile Atom,” sped up transaction times and squashed bugs.

CryptoGlobe reported on January 10 that Beam Privacy developers had discovered and fixed a critical vulnerability in the new blockchain shortly after its release.

Beam Privacy warned at the time of release that the implementation was “state of the art,” and “likely to: (i) contain bugs, defects, or errors that materially and adversely could affect the use, functionality, or performance of Beam.”

A competing implementation of Mimblewimble, Grin, went live a few days ago. The chain saw an impressive amount of mining support out of the gate, owing to an unusual amount of institutional interest in the new privacy protocol.

Mimblewimble is notable for being inherently private, as well as lean with respect to file size. Unusually, the blockchain does not make use of public addresses - as in Bitcoin and, indeed, nearly all other current blockchains - but rather accomplishes transactions with direct person-to-person connections.