Categories: Ethereum

What Caused Ethereum to Delay Their Much-Awaited Hard Fork?

Click here to view original web page at www.newsbtc.com

Ethereum Core developers announced on Tuesday that they would postpone their much-awaited Constantinople hard fork.

The team, which has previously settled January 16 as the official date for the Ethereum blockchain upgrade, decided to delay it after ChainSecurity found potential vulnerabilities in the code. The Switzerland-based blockchain audit firm said that Constantinople would enable “reentrancy attack,” whereby a pair of hackers can use the code to simulate a secure treasury sharing service.

[SECURITY ALERT] #Constantinople upgrade is temporarily postponed out of caution following a consensus decision by #Ethereum developers, security professionals and other community members. More information and instructions are below. https://t.co/p2znO8HGxf

— Ethereum (@ethereum) January 15, 2019

Cheaper Gas Cost Could Cause Security Issues

In retrospect, a reentrancy attack takes place when a smart contract communicates with an external Smart Contract by calling it. If the foreign entity turns out to be malicious, it may take advantage of the call function and take control of the first smart contract. The vulnerability could allow the external Smart Contract to make unexpected modifications in the host’s code. For instance, such an attacker may repeatedly withdraw Ether funds by “re-entering” at a particular line in the Code.

In the case of Constantinople, ChainSecurity blamed cheaper gas costs for fueling the possibilities of a reentrancy attack. According to the firm, two parties can jointly receive funds, decide on how to split them, and receive a payout if they agree by merely exploiting the “PaymentSharer contractmentioned in the hard fork code.

“Before Constantinople, every storage operation would cost at least 5000 gas,” wrote Constantinople. “This far exceeded the gas stipend of 2300 sent along when calling a contract using ‘transfer’ or ‘send.'”

We are thankful to our tireless community that tests to ensure security is airtight before any release. After careful consideration, #Ethereum's #Constantinople upgrade will be postponed due to a vulnerability discovered by @chain_security.#Thirdeninghttps://t.co/INC7be2a6Q

The firm added that changing dirty storage slots after Constantinople would cost only 200 gas. An attacker could manipulate the victim contract code to be transformed into a dirty one: with support from a public function that changes the required variable.

“Afterward, by causing the vulnerable contract to call the attacker contract e.g.with themsg.sender.transfer(...) attacker contract can use the 2300 gas stipend to manipulate the vulnerable contract’s variable successfully,” speculated ChainSecurity.

No Vulnerable Contracts So Far

ChainSecurity did a chain-wide audit of Ethereum and found that the reentrancy bug didn’t impact any smart contract yet. The Core also added that their decision to postpone the hard fork was reached following a detailed discussion with security researchers, Ethereum stakeholders, developers, node operators and other similarly essential parties of the community.

Vitalik Buterin, the co-founder of Ethereum, stressed that a little security vulnerability does not necessarily mean that the underlying code is flawed.

“If you have N protocol features, there are N2 ways they could potentially break,” he wrote on Reddit. “I would say [that] my personal takeaway from this is to be much more explicit about writing down invariants (properties guaranteed by the protocol) that we rely on so we can check against them when changing things.”

MyCrypto.com, an open-source blockchain interface, also backed Buterin’s opinion.

For example…
– A developer wrote, audited, tested and deployed a smart contract in the past
– It is not possible to exploit the smart contract
– The Constantinople update goes live
– It is now possible to exploit the smart contract, due to the changes made in EIP1283

— MyCrypto.com (@MyCrypto) January 15, 2019

“The implementation of EIP1283 was sound,” the company wrote in one of its tweets. “The code is fine. The idea behind it is fine. There is not a “bug” in the code of this EIP. It does what is intended. The potential vulnerability lies at the contract level—not the EVM/opcode/EIP level.”

Tags: constantinople, ethereum, hard fork

The team, which has previously settled January 16 as the official date for the […]

cinerama

Illuminati, Mason, Anonymous I'll never tell. I can tell you this, global power is shifting and those who have the new intelligence are working to acquire this new force. You matter naught except to yourself, therefore prepare for the least expected and make your place in the new world order.

Disqus Comments Loading...
Share
Published by
cinerama

Recent Posts

Venezuelan designer prefers to receive his payments in bitcoin than in dollars

Source: UnSplash It is no secret to anyone. The economic situation in Venezuela has made bitcoin a clear alternative. On… Read More

4 hours ago

Bitcoin Price Charts & Technical Analysis: BTC Remains Bullish

- Consolidation within a common and strong continuation pattern continues. - The length and end of this consolidation can be… Read More

4 hours ago

Simon Ordish: Building WhatsOnChain to fit Bitcoin SV’s needs

While many cool applications have helped broaden the appeal of Bitcoin SV (BSV), one of the earliest applications has been… Read More

4 hours ago

Mark Mobius: Buy Gold At Any Price

Last week we reported that the mainstream is turning bullish on gold , and in recent months, a number of… Read More

4 hours ago

Veteran Investor: Demand For ‘Psycho Crypto Currencies’ Good For Gold Prices

Bitcoin has often been compared with gold as it shares a number of similar traits. Both are safe haven assets,… Read More

4 hours ago

Vaping May Harm Your Blood Flow—Even Without Nicotine

For first-time vapers, merely inhaling vape juice from an e-cigarette caused their blood vessels to constrict, stiffen, and circulate less… Read More

4 hours ago

This website uses cookies. We use these cookies to collect data about your interaction with our website for the purpose of continuously improving your experience with our site. For more information we encourage you to read our privacy policy.

Read More