Ethereum developers have fixed a loophole in a forthcoming upgrade that would have left the network vulnerable to fake large transactions.
Scheduled for mid-July, EIP-1559 burns some ETH spent on processing transactions instead of giving it all to miners, as is currently the case. The proposal aims to reduce the volatility of Ethereum’s transaction fee.
Under EIP-1559, users can “tip” miners and the Ethereum network to speed up transactions. To do this, they specify the maximum amount they are willing to pay.
Martin Holst Swende, an Ethereum core developer from Sweden, worked out on Thursday that EIP-1559 placed no limit on the maximum amount a user could pay to speed up transactions.
An attacker could thus insert an absurdly high number to overwhelm the network, even if they didn’t have the funds to pay for the tip.
“Because the fields in 1559 are maximums, you could abuse this, not actually pay those huge gas values, and spam the network,” Ethereum core developer Tim Beiko tweeted Friday.
Prior to 1559, this is not possible because if you want to create a transaction with a huge gas price, you actually _need_ to have that amount of ETH, and if your txn is included, you will _pay_ that amount.
— Tim Beiko | timbeiko.eth 🦇🔊 (@TimBeiko) May 28, 2021
To close that loophole, the developers implemented a solution proposed by Swende: four lines of code that capped transactions at a limit of 2^256, a widely used cryptographic hash function that also underpins Bitcoin.
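The kind of check described above, as an added Python example (not Swende's patch or any client's code): it bounds both fee fields below 2^256 and requires the sender's balance to cover the declared maximum. The class, function names and sample values are hypothetical; the tip-ordering and balance rules are assumed from the published EIP-1559 validity rules.

```python
from dataclasses import dataclass
from typing import Optional

FIELD_LIMIT = 2**256   # cap named in the article; fee fields must stay below it
GWEI = 10**9

@dataclass
class FeeMarketTx:                 # hypothetical minimal model of a 1559-style tx
    gas_limit: int
    max_fee_per_gas: int           # most the sender will pay per gas, in wei
    max_priority_fee_per_gas: int  # most of that which may go to the miner as a tip

def effective_gas_price(tx: FeeMarketTx, base_fee: int) -> int:
    """Price actually charged per gas: base fee plus whatever tip fits under the maximum."""
    tip = min(tx.max_priority_fee_per_gas, tx.max_fee_per_gas - base_fee)
    return base_fee + tip

def rejection_reason(tx: FeeMarketTx, balance: int, base_fee: int) -> Optional[str]:
    """Return why the transaction is refused, or None if it may be accepted."""
    for name in ("max_fee_per_gas", "max_priority_fee_per_gas"):
        value = getattr(tx, name)
        if value < 0 or value >= FIELD_LIMIT:
            return f"{name} outside [0, 2**256)"
    if tx.max_priority_fee_per_gas > tx.max_fee_per_gas:
        return "tip maximum exceeds fee maximum"
    if tx.max_fee_per_gas < base_fee:
        return "fee maximum below base fee"
    # Validate against the declared maximum, not the effective price: the
    # sender must be able to pay the worst case they advertised.
    if balance < tx.gas_limit * tx.max_fee_per_gas:
        return "balance cannot cover declared maximum"
    return None

# Constructed sample values, not taken from any real block or account.
BASE_FEE = 100 * GWEI
BALANCE = 10**18  # 1 ETH in wei
HONEST = FeeMarketTx(21_000, 200 * GWEI, 2 * GWEI)
OVERSIZED = FeeMarketTx(21_000, 2**300, 2 * GWEI)  # exceeds the field cap
UNFUNDED = FeeMarketTx(21_000, 2**200, 2 * GWEI)   # in range, but far above balance

if __name__ == "__main__":
    for label, tx in (("honest", HONEST), ("oversized", OVERSIZED), ("unfunded", UNFUNDED)):
        print(label, "->", rejection_reason(tx, BALANCE, BASE_FEE) or "accepted")
    # Same effective price for both, which is why the maximum itself is checked.
    print(effective_gas_price(HONEST, BASE_FEE), effective_gas_price(UNFUNDED, BASE_FEE))
```

The honest and unfunded samples resolve to the same effective price per gas, so a check on the effective price alone would not tell them apart.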
On May 14, Ethereum developers agreed to delay until December a “difficulty bomb” that would make the network prohibitively expensive to use.
The difficulty bomb is designed to encourage Ethereum developers to hasten the development of Ethereum 2.0, the long-awaited upgrade to the Ethereum network that would reduce fees and increase throughput.