Ethereum Core Devs Pull Constantinople Upgrade Due To Reentrancy Attack Loophole


Ethereum’s (ETH) implementation of the Constantinople hard fork will be delayed for at least a week after a smart contract security firm discovered a vulnerability that allows a reentrancy attack.

ChainSecurity, a smart contract auditing firm, reported the vulnerability in a detailed blog post published on January 15.

The blog post notes that Ethereum’s Constantinople upgrade is meant to introduce cheaper gas costs for some of the operations on the network.

However, this upgrade has led to an unexpected side effect connected to using certain ETH commands. Allegedly, smart contract functions previously considered “reentrancy-safe” are now vulnerable to reentrancy attacks.

A reentrancy attack exploits a vulnerability that allows a malicious entity to steal crypto from a smart contract. The attacker repeatedly requests funds from the smart contract while the contract keeps acting on false information about the attacker’s actual ETH balance.
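The pattern described above, as an added example that is not from this article or from ChainSecurity's report: a toy Python model (not EVM code) of a vault that pays out before updating its ledger, next to the corrected ordering. All names (`Vault`, `ReentrantReceiver`, `run`) and amounts are constructed for illustration.

```python
# Toy in-memory model, constructed for illustration; this is not EVM code.
class Vault:
    """Holds deposits per account and pays them out on request."""

    def __init__(self, safe_order):
        self.safe_order = safe_order  # True: update the ledger before paying
        self.credit = {}              # account name -> recorded balance
        self.funds = 0                # ETH actually held by the vault

    def deposit(self, who, amount):
        self.credit[who] = self.credit.get(who, 0) + amount
        self.funds += amount

    def withdraw(self, who, receiver):
        owed = self.credit.get(who, 0)
        if owed == 0 or self.funds < owed:
            return
        if self.safe_order:
            self.credit[who] = 0          # record the effect first ...
            self.funds -= owed
            receiver.receive(self, owed)  # ... make the external call last
        else:
            self.funds -= owed
            receiver.receive(self, owed)  # callee still sees the old credit
            self.credit[who] = 0          # ledger update arrives too late


class ReentrantReceiver:
    """Receiver whose payment hook calls back into withdraw()."""

    def __init__(self, name):
        self.name = name
        self.received = 0

    def receive(self, vault, amount):
        self.received += amount
        vault.withdraw(self.name, self)   # re-enter before the caller finishes


def run(safe_order):
    """Return (amount paid to the re-entering account, funds left in vault)."""
    vault = Vault(safe_order)
    vault.deposit("alice", 5)
    vault.deposit("bob", 5)
    vault.deposit("mallory", 1)
    mallory = ReentrantReceiver("mallory")
    vault.withdraw("mallory", mallory)
    return mallory.received, vault.funds
```

The model only shows why the order of the balance update and the payout matters; it does not model the gas-cost change in Constantinople.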

Afri Schoedon, a release manager at Parity Technologies, confirmed that ETH core developers were aware of the reentrancy vulnerability.

Commenting on Reddit, Schoedon then explained that an all-core-dev call had been planned for Friday, January 18, where a decision would be taken on any further steps concerning the loophole.

He also added that the launch of Constantinople would be pushed to a later date in the coming week. He said:

“We decided to pull Constantinople. Further steps [to be taken] on Friday.”

The ChainSecurity report on the Constantinople loophole came out on the very day ETH core developers reportedly said that the hard fork would be “the least eventful one” in Ethereum’s history.

Ethereum devs first tested the Constantinople upgrade on the platform’s Ropsten public testnet in October 2018. It was scheduled for activation on the mainnet in November but was postponed to January this year after implementation ran into technical hurdles.

The fork is primarily focused on the technical improvements on the Ethereum network, an aspect that prompted core developer Lane Rettig to call it “a less contentious hard fork.”

He added:

“Of all the hard forks in the history of Ethereum, it’s probably the least eventful one.”

One thing the “update” will achieve is a reduction in the mining reward earned by miners for every block of transactions, from 3 ETH to 2.

The adjustment to block rewards will likely reduce the impact of the inflation and volatility that have allegedly led Ethereum miners to resort to selling ETH.

But there is an even more serious consideration here. The general take is that reducing miner incentives could lead to reduced support from miners.

Reportedly, this then renders Ethereum vulnerable to a potential 51 percent attack. The gravity of this possibility came to the fore after a recent attack compromised Ethereum Classic (ETC).

Notably, however, the expected reduction in miner incentives won’t be hugely controversial, given that these updates are part of the platform’s move that should see rewards gradually reduce to zero.

All of this is meant to prepare Ethereum for its expected shift from the current Proof-of-Work (PoW) consensus algorithm to a Proof-of-Stake (PoS) mechanism.

Caution remains, nonetheless, as hard forks can be chaotic and divisive. That reality came to the fore with last November’s Bitcoin Cash (BCH) hard fork that was highly divisive and ended with two splinter chains of BCH and Bitcoin Cash SV (BSV).

Several exchanges have indicated support for the Ethereum upgrade, including Coinbase, Binance, OKEx, and Kraken.
