en
Back to the list

Ethereum Client Geth Receives Hotfix to Patch Vulnerability

source-logo  cryptoknowmics.com 06 September 2021 07:30, UTC

Go Ethereum, which is usually abbreviated to Geth, received a hotfix release to patch a vulnerability in the EVM, according to a Github update from last month. The release titled  Hades Gamma (V1.10.8) was shared on Ethereum’s Github repository on Tuesday at 07:08 UTC.

Ethereum Software Client Gets Hotfix Release for Vulnerability

According to a post from the release page, the patch hasn’t disclosed the exact attack vector until now. This is to allow dependent downstream projects and node operators to update their software and nodes. 

Data from Ethernodes.org indicates that roughly 75% of all nodes on the Ethereum network operate on Geth. Hence, these users are advised to upgrade their Geth clients to v1.10.8.

For those not in the know, Geth is a command-line interface built with Go programming language that helps users join Ethereum, transfer assets between accounts, and mine Ether. On Aug. 18, software developer Guido Vraken discovered a bug in Geth while “working for Sentnl during an audit of the Telos EVM.” Sentnl is a blockchain security specialist that offers audit services. 

Go Ethereum took immediate cognizance of the issue and issued a hotfix on Aug 24.

The recent code fix in Geth had resulted in a temporary split in Ethereum blockchain, which threatened transactions on the network. Yearn Finance founder Andre Cronje told a media outlet that he had to stop users from doing transactions until the issue was resolved.

Fortunately, most concerns associated with the splintering were addressed by Geth 1.10.8 version. Martin Swende, the security lead at Ethereum Foundation said that the impact of the split will become less obvious as more nodes update to the latest version of Geth.

Geth Developers Defend Decision to Not Expose the Vulnerability

Security issues are crucial for blockchain technology’s future growth and therefore, every time the community stumbles on a vulnerability, a transparent discussion is initiated. However, in Geth’s case, the development team has decided to delay this discussion to avoid any impending attacks on node operators. The developers highlighted this situation in a blog post about the update. 

The team also changed its approach to announcing updates after receiving unfavorable feedback from some people in the community. Geth developer Péter Szilágyi mentioned this aspect in a recent tweet.

“People were not happy with our hotfix last time; they noted that we didn’t make the announcement. So we have decided to do it differently this time; let’s know the one that works better,” he wrote.

cryptoknowmics.com