Ethereum Upgrade postponed – Constantinople has been delayed due to a critical bug!
Ethereum’s newest update, called Constantinople, has been delayed due to a bug discovered by ChainSecurity. The bug could leave smart contracts vulnerable to attacks. Due to this discovery, the Ethereum Foundation has delayed the hard fork.
ChainSecurity explained the vulnerability in a blog post published on Medium yesterday.
“The upcoming Constantinople Upgrade for the Ethereum network introduces cheaper gas cost for certain SSTORE operations. As an unwanted side effect, this enables reentrancy attacks when using address.transfer(…) or address.send(…) in Solidity smart contracts. Previously these functions were considered reentrancy-safe, which they aren’t any longer.”
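The gas arithmetic behind that statement can be checked directly. The sketch below is an added example, not code from ChainSecurity or the Ethereum Foundation; it assumes the 2300-gas stipend that transfer/send forward and the SSTORE pricing defined in EIP-1283, neither of which is spelled out in this article, and it ignores refunds and the cost of any other opcodes.

```python
# Added example: SSTORE cost before Constantinople vs. under EIP-1283,
# compared with the gas stipend forwarded by transfer()/send().
# Constants are assumptions taken from the EVM spec and EIP-1283.
STIPEND = 2300  # gas given to the recipient by address.transfer()/send()


def sstore_legacy(original, current, new):
    """Pre-Constantinople rule: 20000 for zero -> non-zero, else 5000."""
    return 20000 if current == 0 and new != 0 else 5000


def sstore_eip1283(original, current, new):
    """EIP-1283 net gas metering (refunds omitted).

    original: slot value at the start of the transaction
    current:  slot value right now
    new:      value being written
    """
    if current == new:
        return 200                      # no-op write
    if original == current:             # slot untouched so far in this tx
        return 20000 if original == 0 else 5000
    return 200                          # slot already modified in this tx


def writable_in_stipend(rule, original, current, new):
    """True if one storage write under `rule` fits in the stipend."""
    return rule(original, current, new) <= STIPEND


# Constructed sample slots: (label, original, current, new)
CASES = [
    ("clean zero slot, set to 1", 0, 0, 1),
    ("clean non-zero slot, changed", 5, 5, 6),
    ("slot already changed earlier in tx", 5, 6, 7),
    ("write of the same value", 5, 5, 5),
]


def report():
    """Return (label, legacy_fits, eip1283_fits) for each sample slot."""
    return [
        (label,
         writable_in_stipend(sstore_legacy, o, c, n),
         writable_in_stipend(sstore_eip1283, o, c, n))
        for label, o, c, n in CASES
    ]


if __name__ == "__main__":
    for label, legacy, eip in report():
        print(f"{label:38} legacy={legacy!s:5} eip1283={eip}")
```

Every row is False under the legacy rule, which is why the stipend used to work as an implicit reentrancy guard; under EIP-1283 the last two rows become True, so a contract that relies on the stipend alone needs an explicit guard or a checks-effects-interactions ordering.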
Ethereum’s core developers and stakeholders, including Vitalik Buterin, all agreed on a conference call to delay the upgrade while they study the issue. A meeting is scheduled for this Friday to decide on the new date for the hard fork.
The Ethereum Foundation announced the postponement of the Constantinople hard fork late last night via Twitter.
[SECURITY ALERT] #Constantinople upgrade is temporarily postponed out of caution following a consensus decision by #Ethereum developers, security professionals and other community members. More information and instructions are below. https://t.co/p2znO8HGxf
— Ethereum (@ethereum) January 15, 2019
The Ethereum Foundation also released a blog post with advice for anyone running a node:
“Out of an abundance of caution, key stakeholders around the Ethereum community have determined that the best course of action will be to delay the planned Constantinople fork that would have occurred at block 7,080,000 on January 16, 2019. This will require anyone running a node (node operators, exchanges, miners, wallet services, etc…) to update to a new version of Geth or Parity before block 7,080,000. Block 7,080,000 will occur in approximately 32 hours from the time of this publishing or at approximately January 16, 8:00pm PT / January 16, 11:00pm ET / January 17, 4:00am GMT.”
The Ethereum Foundation has confirmed that if you simply interact with Ethereum, or are a smart contract owner, you don’t have to do anything: the changes in Constantinople that would have introduced the vulnerability have not yet taken effect.
Security breaches and vulnerabilities are a big deal in cryptocurrency. Yesterday, we talked about Cryptopia being hacked. Bitmain, due to an economic concern, has closed many offices, the most recent being their Amsterdam office.