Security Vulnerability Delays Ethereum’s Constantinople Hard Fork

Wednesday, 16/01/2019 | 08:42 GMT by Arnab Shome
  • A reentrancy vulnerability was found in the upgrade after an analysis of the blockchain.

Constantinople, the much-anticipated hard fork of Ethereum, has been delayed after the smart contract audit firm ChainSecurity found a serious vulnerability.

On January 15, ChainSecurity explained in a detailed Medium post that although the upcoming hard fork reduces the gas cost for certain operations, it enables reentrancy attacks on Ethereum’s blockchain using some specific commands.

Exploiting a reentrancy vulnerability, an attacker can steal cryptocurrency from a smart contract by continuously requesting funds and providing false data about the existing ETH balance. Similar vulnerabilities were found in the infamous DAO attack of 2016.

According to the audit firm, this vulnerability is a side effect of the new features included.
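A simplified Python model of the reentrancy class described above, added here as an illustration and not taken from ChainSecurity's post or from Ethereum's code: a contract that pays out before updating its records stays safe only while the recipient's callback cannot afford to call back in. The names (`Vault`, `Recipient`, `run`), the stipend and the operation costs are constructed for the example and are not real EVM gas values.

```python
STIPEND = 10  # constructed: gas units forwarded to the recipient with each payout

class Vault:
    """Toy contract that holds deposits and pays them out through a callback."""
    def __init__(self, op_cost, hardened):
        self.op_cost = op_cost    # constructed cost of calling back into the vault
        self.hardened = hardened
        self.balances = {}
        self.funds = 0

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.funds += amount

    def withdraw(self, who, on_receive):
        amount = self.balances.get(who, 0)
        if amount == 0 or amount > self.funds:
            return
        if self.hardened:
            self.balances[who] = 0   # effect before interaction
        self.funds -= amount
        on_receive(self, amount, STIPEND)   # interaction: recipient code runs here
        if not self.hardened:
            self.balances[who] = 0   # too late: balance was stale during the callback

class Recipient:
    """Recipient whose payment hook asks for funds again whenever it can afford to."""
    def __init__(self, name):
        self.name = name
        self.received = 0

    def on_receive(self, vault, amount, gas):
        self.received += amount
        if gas >= vault.op_cost:
            vault.withdraw(self.name, self.on_receive)

def run(op_cost, hardened):
    """Return (amount the recipient collected, funds left in the vault)."""
    vault = Vault(op_cost, hardened)
    vault.deposit("alice", 50)      # constructed: another user's deposit
    vault.deposit("mallory", 10)    # constructed: the re-entering recipient's own deposit
    mallory = Recipient("mallory")
    vault.withdraw("mallory", mallory.on_receive)
    return mallory.received, vault.funds

if __name__ == "__main__":
    print("costly op, unguarded:", run(50, False))
    print("cheap op,  unguarded:", run(2, False))
    print("cheap op,  hardened: ", run(2, True))
```

The unguarded vault holds only while the operation costs more than the stipend; updating the balance before the payout holds at any cost.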

On a Reddit thread, Afri Schoedon, the hard fork coordinator at Ethereum and release manager at blockchain infrastructure provider Parity Technologies, has confirmed that after a long emergency call, the core-devs of the projects have decided to pull the upgrade. Although no exact timeline was provided, Constantinople has been delayed until at least next Friday.

“Out of an abundance of caution, key stakeholders around the Ethereum community have determined that the best course of action will be to delay the planned Constantinople fork that would have occurred at block 7,080,000 on January 16, 2019,” Ethereum stated on its official blog.

Market Reaction

The impact of the delay can also be seen on the market, as ETH dropped 5.6 percent in the last 24 hours, marking a weekly loss of more than 20 percent. Currently trading at $121, Ethereum has become the top daily loser among the top 15 coins, according to Coinmarketcap.com.

ETH Price Trend, Source: Coinmarketcap.com

Constantinople was not going to provide any major user-related changes; the fork is more of a “maintenance and optimization upgrade” to achieve Ethereum’s long-term goal of being a scalable network.

According to a Bloomberg report, Lane Rettig, one of the Ethereum core developers, believes that unlike other hard forks performed on blockchains, Constantinople is the ‘least eventful’ one.

“I really can’t imagine a less contentious hard fork, to be honest,” said Rettig. “Of all the hard forks in the history of Ethereum, it’s probably the least eventful one.”

Major exchanges including Coinbase, Binance, Huobi, OKEx, Bitbox, and CEX.IO have already announced their support for the upcoming fork.

“[The delay] will require anyone running a node (node operators, exchanges, miners, wallet services, etc…) to update to a new version of Geth or Parity before block 7,080,000,” Ethereum stated.


About the Author: Arnab Shome
Arnab is an electronics engineer-turned-financial editor. He entered the industry covering the cryptocurrency market for Finance Magnates and later expanded his reach to forex as well. He is passionate about the changing regulatory landscape on financial markets and keenly follows the disruptions in the industry with new-age technologies.