A critical consensus bug has been uncovered in the world’s second largest blockchain. A blog post by Parity Technologies revealed the issue that was found to cause those running the software to fall out of sync, which meant that others who were using different software would not recognise their transactions. This has lead Parity to urge all users to update their software to a newly patched version.
Data suggests that it could have impacted approximately thirty percent of the Ethereum network; however representatives of Parity have reassured users that the issue was patched before it reached nodes operating the live Ethereum blockchain.
This news has come at an already bad time for Parity, who has been under increased scrutiny for similar security issues, a major one being late last year, when a bug in one of their wallets led to approximately $311 million worth of ETH becoming frozen and inaccessible.
Wei Tang, a Parity developer assisted with the code patch, said that the bug is linked to a piece of code from Ethereum improvement proposal. Parity implemented the code for the upgrade, and Wei has admitted that the team in charge of implementing it within the software had overlooked three lines of code, which ultimately led to the bug. Wei said;
“We missed a conditional check in our code that caused full node Parity to accept a block containing invalid transactions.”
In a press release from Parity, Kirill Pimenov, said;
“The response to this situation was proactive, meaning we were able to prepare a fix before anyone was actually able to exploit the bug. As a result, we have managed to avert a mainnet split.”
Wei echoed his views saying that the fix was actually very simple, saying;
“We add those three lines of the missing conditional check in our code…But yeah, these three lines have severe effect. We’ve also got many eyes to review the code during the process.”