- Ethereum Core developers have decided to improve the update release mechanism.
- The Optimistic Ethereum team caused Infura to fail by triggering a critical sync bug in the Geth client.
On November 11, an “unannounced hard fork” on Ethereum impacted the operation of Infura and most of the exchanges that relied on its backend services. Although ETH’s price was unaffected and hit a new annual high of $476 on November 12, the event was met with harsh criticism from the community.
Blockchair’s chief developer Nikita Zhavoronkov offered one of the first explanations for the failure and said it “shouldn’t be underestimated.” Zhavoronkov thinks that the incident is of great importance to Ethereum and one of the most important it has faced since the “DAO debacle four years ago”.
A subsequent security report, published via Twitter by Ethereum Core developer Péter Szilágyi, provided a more detailed insight into the bug specifically affecting the Geth client. According to the report, on October 24 the Geth team was notified of a Denial of Service (DoS) bug found in the Go programming language library:
The DoS problem can be used to block all Geth nodes during block processing, the effects of which would be that an important part of the Ethereum network would go offline.
The bug was fixed in an update, but versions prior to Geth 1.9.19 remained vulnerable. Infura and other users were not notified and continued to use vulnerable versions of the Geth client. Therefore, when on November 10 the Optimistic Ethereum (OE) team decided to “test a bug” they found in the Ethereum virtual machine, 30 blocks were lost in a chain split. As a member of the OE team stated:
I would like to apologize to the community for inadvertently causing some nodes to go out of sync on Ethereum last night (…). We decided to test the bug and see what would happen. In hindsight, we didn’t realize the impact of the few nodes that haven’t been updated.
Ethereum developers discuss the Geth bug
As mentioned above, the unannounced hard fork caused great controversy in the crypto community. Users and developers are discussing the responsibilities of both sides. The issue was also raised in a recent call of leading Ethereum developers. Tim Beiko reported on the call and started with Szilágyi’s comments:
(…) This isn’t the first time the Geth team has quietly solved a consensus problem. They decide whether to advertise the fix based on the likelihood that someone will exploit the bug. In this case, they decided to keep it hidden.
According to the developer, the vulnerability was “too easy” to exploit for it to be disclosed. However, he agreed that after the update, Geth developers “should have reported that an older version had a problem.” As a possible improvement, the call then discussed reporting future problems at least one month after they are resolved. Szilágyi added:
Whenever they reveal a bug, it creates a risk for the network and for anyone who does not upgrade.
For his part, James Prestwich raised the possibility of creating a “private list” whose members would be notified of similar bugs. However, creating such a mechanism presents several challenges: increasing centralization on Ethereum, determining who should be on the list, and giving added members a “competitive edge”.
In this sense, Szilágyi has maintained his position that the priority should be the security of Ethereum. Therefore, he asked the community for suggestions on how to improve the release of updates to the public.