The long-awaited fork of Constantinople from the Ethereum network has been delayed due to potential security issues identified by ChainSecurity. An innovation of Constantinople update consisted of introducing cheaper gas costs for some SSTORE operations. The Swiss security company blockchain warned that this would allow recess attacks.
Do not worry: update and you will not regret it
Following the disclosures of ChainSecurity, key stakeholders in the Ethereum community decided to postpone the Constantinople fork, initially scheduled for launch on January 16, 2019.
[SECURITY ALERT] #Constantinople the update is temporarily postponed as a precaution following a consent decision by #Ethereum developers, security professionals and other community members. Other information and instructions are below. https://t.co/p2znO8HGxf
– Ethereum (@ethereum) January 15, 2019
This means that anyone running a node – node operators, exchanges, miners, portfolio services – has to update a new version of Geth or Parity before blocking 7.080.000.
The 7.080.000 block will occur around 20:00 pm / 16 January, 4:00 GMT / 17 January. Update the Geth and / or Parity instances to updated versions using the following links:
Geth
- Update to 1.8.21, OR
- Downgrade to Geth 1.8.19, OR
- Stay on 1.8.20, but use the & # 39; -override.constantinople = 9999999 & # 39; to indefinitely postpone the Constantinople fork.
Equality Ethereum
If you're just interacting with Ethereum (do not run a node), you do not have to do anything!
Ledger, Trezor, Safe-T, Parity Signer, WallEth, Paper Wallets, MyCrypto, MyEtherWallet and other users or token holders who do not participate in the network by synchronizing and executing a node can remain calm. The change that would introduce this potential vulnerability will not be enabled.
Snapshot of the Ethereum Constantinople update. Image source: Consensys
Smart Contract Vulnerability
ChainSecurity analysis plunges deep into the potential risk of the Constantinople fork and how smart contracts can be controlled for their vulnerability.
EIP-1283 introduces cheaper gas costs for SSTORE operations. But their results show that some smart contracts already in the chain could use code models that would make them vulnerable to a reentrancy attack after the update of Constantinople.
Contracts that increase the likelihood of being vulnerable are contracts that use a transfer () or send () function followed by a & # 39; change status operation. Take, for example, a contract in which two parties receive funds jointly, make a decision on how to divide these funds and activate a payment of these funds.
Do not skip the gun – Wait and watch
There is a non-zero risk that some contracts may be affected, according to ChainSecurity.
With great caution, stakeholders in the Ethereum network decided to delay the update. There was not enough time to eliminate all the security risks before the planned fork on January 16, 2019.
Security researchers, Ethereum client developers, owners and developers of smart contracts, portfolio providers, node operators, Dapp developers and media have been involved in the discussion that led to the decision.
If you want to stay updated on the latest developments in the Ethereum of Constantinople and Equality, follow @ParityTech on Twitter or look at the Ethereum blog.
[ad_2]Source link