The entire Ethereum community has been awaiting the Constantinople hard fork for over a year now. The initial decision on the hard fork was made in 2017 and the upgrade was scheduled to occur in late 2018. It was later postponed to January 2019 because of issues found in the Ropsten Testnet.
However, much to the expectations of the community, the hard fork was yet again delayed due to another security issue. This issue was brought to light on the eve of the hard fork, resulting in the key stakeholders taking the decision to postpone the upgrade. Additionally, the Parity and Geth teams released a new version, which would revert the Constantinople hard fork on the Ethereum network.
Importantly, the issue was found in one of the Ethereum Improvement Protocols [EIP], the net gas metering for SSTORE without dirty maps, and was brought to light by an audit platform for smart contracts, ChainSecurity. The platform pointed out that the Constantinople upgrade would open doors for a Reentrancy attack. Based on the report by the team, smart contracts that are not currently vulnerable would become vulnerable to the attack after the upgrade.
In his latest video, the YouTuber Ivan on Tech explained the attack as “a smart contract [name it A] makes payment to another smart contract [name it B], smart contract B will have a chance to call another function in smart contract A, thereby gaining control over what happens next and can execute any code”.
The vulnerability exists even now, but cannot be carried out because of the high gas limit, which is required to change the storage of another smart contract. The YouTuber explained:
“Because when smart contract B can change storage of smart contract A, then this is when they can start messing with internal working of smart contract A and basically mess up the execution and steal funds.”
This is now a problem because the Ethereum Improvement Protocol proposes to make the storage cost cheaper, aimed at benefiting the developers. This, thereby, reintroduces the attack that was earlier prevented because of the higher gas costs.
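The gas argument above can be made concrete with the following added example, which is not from the article or from ChainSecurity. It compares the pre-Constantinople SSTORE price with the EIP-1283 net-metering schedule and checks whether one storage write fits in the 2,300-gas stipend that Solidity's `transfer()`/`send()` forward to the recipient. The constants come from the EIP-1283 specification, the helper names are hypothetical, and the slot values are constructed.

```python
# Added illustration. Constants: EIP-1283 text and the Solidity transfer()/send()
# stipend; they do not appear in the article itself.
STIPEND = 2300  # gas forwarded to the recipient of transfer()/send()

def sstore_legacy(current, new):
    """Pre-Constantinople SSTORE pricing: returns (gas, refund)."""
    gas = 20000 if current == 0 and new != 0 else 5000
    refund = 15000 if current != 0 and new == 0 else 0
    return gas, refund

def sstore_eip1283(original, current, new):
    """EIP-1283 net gas metering: returns (gas, refund delta).
    original = slot value at transaction start, current = value right now."""
    if current == new:                       # no-op write
        return 200, 0
    if original == current:                  # slot untouched so far in this tx
        if original == 0:
            return 20000, 0
        return 5000, (15000 if new == 0 else 0)
    refund = 0                               # slot already dirty in this tx
    if original != 0:
        if current == 0:
            refund -= 15000                  # take back the earlier clear refund
        if new == 0:
            refund += 15000
    if original == new:                      # value restored to the original
        refund += 19800 if original == 0 else 4800
    return 200, refund

def fits_in_stipend(gas):
    # Ignores the cost of the other opcodes; only asks if the write alone fits.
    return gas <= STIPEND

def compare(original, current, new):
    """Can a stipend-limited callee afford this write under each schedule?"""
    legacy_gas, _ = sstore_legacy(current, new)
    net_gas, _ = sstore_eip1283(original, current, new)
    return {"legacy": fits_in_stipend(legacy_gas),
            "eip1283": fits_in_stipend(net_gas)}

if __name__ == "__main__":
    # Constructed cases: (original, current, new) values of one storage slot.
    cases = {"clean slot": (1, 1, 2), "dirty slot": (1, 2, 3), "no-op": (1, 1, 1)}
    for name, (o, c, n) in cases.items():
        print(f"{name:10s} {compare(o, c, n)}")
```

Under the old schedule no write fits in the stipend, while under EIP-1283 a write to a slot already modified in the same transaction does, so a contract that relied on the stipend as its only reentrancy protection needs an explicit guard or a checks-effects-interactions ordering.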
During the ConstantiNOPEle watch party, one of the members of the Foundation, Hudson Jameson, stated that there is an Ethereum Improvement Protocol introduced to fix the issues found in EIP 1283. He further stated that the two developers are currently working with the Parity team and with Nick Johnson to have the EIP implemented. He said:
“That doesn’t mean the EIP is going in, it might be left out completely in the future fork […] There are stuff in the EIP that would make the stuff more friendly.”