2019-1-18 00:15 |
Ethereum has been catching the eye of crypto public recently not as much for its price action as it did for its upcoming structural changes. Namely, everyone was anxiously waiting for the project to implement the so-called Constantinople hard fork.
The fork was expected to come once the Ethereum network mined out its block number 7,080,000, introducing 5 Ethereum Improvement Proposals (EIPs) into the codebase. Vitalik Buterin, the creator and lead developer behind Ethereum, suggests that this wasn’t an actual hard fork, as all current Ethereum nodes are expected to eventually move onto the new codebase (meaning that the old blockchain won’t be mined on anymore). Overall, there improvements that were to be introduced are as follows:
The Bitwise Shifting Instructions (EIP 145): aims to improve the cost and execution times in smart contractsSmart Contract Verification (EIP 1052): allows for the faster verification of smart contracts, which will now be based only on their hash codesSSTORE (EIP 1283): optimizes gas costs during SSTORE operationCREATE2 (EIP 1014): a scaling solution which enables the use of state channels and takes transactions off chainEIP 1234, an upgrade expected to include a Block Reward reduction and a Difficulty Bomb Delay.Most of the community’s attention was grabbed by the last proposal, as EIP 1234 was supposed to bring important changes and prepare the chain for the eventual Proof-of-Stake switch. The difficulty bomb is designed to eventually increase the mining difficulty on Ethereum’s chain so much that miners will no longer be able to verify transactions; it will be delayed for 12 months thanks to Constantinople. Still, the block reward reduction from 3 ETH to 2 ETH is expected to go through once the update goes live.
But just a couple of days prior to its launch, Constantinople proved to be as vulnerable as the legendary capitol of Byzantium it was named after. A security company ChainSecurity originally exposed the vulnerability identified as “reentrancy attack” after which Ethereum Foundation released an update, describing the issue in more depth.
Developer Hudson Jameson explained that the issue has been duly noted and that the Ethereum team is investigating how to fix this one and any other possible vulnerabilities. At the same time, he confirmed that while there were no contracts found that were influenced by the vulnerability, the risk of that happening is real and the fork has been postponed indefinitely.
“Security researchers like ChainSecurity and TrailOfBits ran (and are still running) analysis across the entire blockchain. They did not find any cases of this vulnerability in the wild. However, there is still a non-zero risk that some contracts could be affected. Because the risk is non-zero and the amount of time required to determine the risk with confidence is longer the amount of time available before the planned Constantinople upgrade, a decision was reached to postpone the fork out of an abundance of caution,” explained the Foundation.
Node operators were required to update to a new version of Geth or Parity before block 7,080,000 was mined out. The rest of the community was pretty much required to do nothing, with some smart contract owners advised to check if their contracts are susceptible to this vulnerability.
The reentrancy vulnerability is similar to the one which led to the well-known $50 million DAO hack in 2016 which originally led to the project splitting into Ethereum and Ethereum Classic.
“To exploit the vulnerability, an attacker first deposits some of their own funds to a multi-party smart contract. They then call a function to withdraw the funds they have deposited—which is legitimate—but before the balance of funds deposited and withdrawn has been settled, call a new function that triggers funds to be withdrawn beyond the value of their deposit, essentially stealing the money of other parties in the contract,” explains Breaker.
The vulnerability was discovered merely 9 hours before the Constantinople was officially called off, showcasing the quickness and adaptability of the Ethereum community. Some people who aren’t so high on the project did rightfully point out how this fiasco reveals some underlying centralization issues with Ethereum:
Fate of proposed upgrade to Ethereum, a hyper-decentralized holacratic swarmweb critter thing, to be decided on a totally decentralized pre-scheduled phone call by a bunch of dudes who have known each other for years https://t.co/gGSV72pOWJ
— Preston Byrne (@prestonjbyrne) January 17, 2019As of now, the fate of the most popular smart contract platform/third most valuable cryptocurrency on the planet remains unclear. More should be revealed after the mentioned Ethereum developers call.
The post Ethereum governance problem: Who decides the fate of the ETH world? appeared first on CaptainAltcoin.
Similar to Notcoin - Blum - Airdrops In 2024