Earlier this week, Ethereum developers sent out a message to the community to say that they were postponing the upcoming Constantinople hard fork update to the network. However, not everyone made the correct changes and there is currently a ‘parallel universe’ of Ethereum mining. A chain split has happened with some miners digging away at the unofficial Constantinople chain without consensus from the majority of the network.
The update was postponed after potential vulnerabilities were discovered in one of the newer updates. The statement announcing the postponement says:
“We are investigating any potential vulnerabilities and will follow with updates in this blog post and across social media channels. Out of an abundance of caution, key stakeholders around the Ethereum community have determined that the best course of action will be to delay the planned Constantinople fork that would have occurred at block 7,080,000 on January 16, 2019.”
Miners now need to install the updated version to avoid violating the consensus.
However, not all the miners got the memo. As reported by CCN, at least 10TH’s worth of mining power was still mining the unofficial chain at the time of writing, according to a fork monitor owned by Ethdevops.io.
The risk that caused the update to be postponed allows for an unusual form of scamming that takes quite a lot of know-how to understand. The bottom line is that a change in the way Ethereum charges for storage enabled an attack that could cost multiple dApps a lot of money. The vulnerability in the code was uncovered by ChainSecurity, who explained the flaw by saying:
“Certain preconditions have to be met to make a contract vulnerable:
- There must be a function A, in which a transfer/send is followed by a state-changing operation. This can sometimes be non-obvious, e.g. a second transfer or an interaction with another smart contract.
- There has to be a function B accessible from the attacker which (a) changes state and (b) whose state changes conflict with those of function A.
- Function B needs to be executable with less than 1600 gas (2300 gas stipend – 700 gas for the CALL).”
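The gas budget in the third precondition can be checked with a small model. The Python below is an added example, not code from ChainSecurity or any Ethereum client: it applies the SSTORE pricing of the pre-fork schedule and of EIP-1283 (the Constantinople storage-pricing change) to a hypothetical function B, whose 300-gas overhead and slot values are constructed for illustration.

```python
STIPEND = 2300                 # gas forwarded by transfer/send (quoted above)
CALL_COST = 700                # CALL made inside function B (quoted above)
BUDGET = STIPEND - CALL_COST   # 1600 gas left for function B's own work

def sstore_cost(original, current, new, net_metering):
    """Gas for one SSTORE. original = value at transaction start,
    current = value now, new = value being written."""
    if not net_metering:                  # pre-Constantinople schedule
        return 20000 if current == 0 and new != 0 else 5000
    if current == new:                    # EIP-1283: no-op write
        return 200
    if original == current:               # EIP-1283: slot untouched so far
        return 20000 if original == 0 else 5000
    return 200                            # EIP-1283: slot already modified

def function_b_gas(writes, net_metering, overhead=300):
    """Total gas for a hypothetical function B: a constructed overhead for
    dispatch and arithmetic plus one SSTORE per (original, current, new)."""
    return overhead + sum(sstore_cost(o, c, n, net_metering) for o, c, n in writes)

def meets_gas_precondition(writes, net_metering, overhead=300):
    """True when function B can run inside the 1600-gas budget, i.e. the
    third precondition in the list holds and the contract needs review."""
    return function_b_gas(writes, net_metering, overhead) <= BUDGET

# Constructed sample slots for function B's single state change.
UNTOUCHED = [(5, 5, 0)]   # slot not yet written in this transaction
MODIFIED = [(5, 7, 0)]    # slot already written earlier in this transaction

if __name__ == "__main__":
    for label, writes in (("untouched", UNTOUCHED), ("modified", MODIFIED)):
        for rules in (False, True):
            name = "EIP-1283" if rules else "pre-fork"
            gas = function_b_gas(writes, rules)
            print(f"{label:9} {name:8} gas={gas:5} fits={gas <= BUDGET}")
```

Under the pre-fork schedule every storage write costs at least 5000 gas, so no state-changing function B fits in the stipend; under EIP-1283 a write to an already-modified slot costs 200 gas and does.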
Even though no vulnerable contracts have been found on the blockchain, it is better to be safe than sorry. The official Ethereum blog says:
“Security researchers like ChainSecurity and TrailOfBits ran (and are still running) analysis across the entire blockchain. They did not find any cases of this vulnerability in the wild. However, there is still a non-zero risk that some contracts could be affected.”
Considering the network is so massive, it’s nearly impossible to get a network upgrade through to everyone on time.