
Vulnerability Is Found in Constantinople Hours After ETH Devs Call It ‘Least Eventful’ Hard Fork


cointelegraph.com 16 January 2019 05:50, UTC

Ethereum’s (ETH) Constantinople hard fork faces a delay over a newly discovered security vulnerability allowing a reentrancy attack. The critical issue was detected by smart contract audit firm ChainSecurity and reported in a blog post Jan. 15.

According to the company’s report, the Constantinople upgrade introduces cheaper gas costs (transaction fees) for some operations on the Ethereum network. As an unexpected side effect, this allegedly enables reentrancy attacks via the use of certain commands in ETH smart contracts.

A reentrancy vulnerability allows a potential attacker to steal cryptocurrency from a smart contract on the network by repeatedly requesting funds from it while feeding it false data about the malicious actor’s actual ETH balance.

Afri Schoedon, the hard fork coordinator at Ethereum and release manager at blockchain infrastructure provider Parity Technologies, has confirmed on Reddit that the core developers of Ethereum are aware of the vulnerability.

Schoedon explained that an all-core-dev call has been scheduled on Friday, Jan. 18, to decide on further steps in relation to the newly discovered loophole. According to him, the launch of Constantinople has been postponed until at least the next week:

“We will decided (sic) further steps on Friday in the all-core-devs call. For now it will not happen this week. Stay tuned for instructions.”

On the same day that the vulnerability was discovered, Ethereum’s core developers said that they expect the upcoming fork to be the least eventful one in the history of Ethereum. Their remarks were reported in a Bloomberg article published Jan. 15.

Constantinople was first trialed on the Ethereum public testnet Ropsten in mid-October last year, and had been intended to be activated swiftly on the main blockchain by the end of October–November 2018.

After facing technical hurdles, its launch was rescheduled for Ethereum block 7,080,000, expected Jan. 16. Given the fork’s focus on primarily technical improvements, Ethereum core dev Lane Rettig told Bloomberg:

"I really can’t imagine a less contentious hard fork, to be honest. Of all the hard forks in the history of Ethereum, it’s probably the least eventful one."

As reported, in earlier discussions of Constantinople, some devs had proposed that it would be less controversial, or even political, to change the term for the transition from “hard fork” to “update.”

The main impact of the shift will be the reduction of mining rewards for each block from the current 3 ETH to 2. The downward adjustment could reportedly help to reduce the inflation and volatility that is allegedly associated with miners selling ETH to cover their costs and boost revenue.

If reduced incentives equate to less support from miners, as Bloomberg notes, this could render the network more susceptible to the possibility of a 51 percent attack — a risk that has been robustly demonstrated in the recent attack on Ethereum Classic (ETC).

Yet, as reported, the reduction is unlikely to be controversial, as it has long been in the works to gradually reduce rewards to zero as the network readies for its planned transition to a Proof-of-Stake (PoS) consensus algorithm.

The high stakes involved in implementing hard forks were thrown into stark relief last November, when the Bitcoin Cash (BCH) community splintered into two warring factions over a scheduled hard fork.

Major United States cryptocurrency exchanges Coinbase and Kraken are the latest to have confirmed their support for Constantinople, joining other top global industry players such as Binance, Huobi and OKEx. Kraken has aligned with the devs in saying it expected the fork would not be controversial.

