Ethereum’s Constantinople upgrade goes through another delay, developers cite ‘security vulnerabilities.’
Ethereum’s Constantinople The Series of Delays
All eyes are on Ethereum’s Constantinople upgrade after it failed to launch once again after announcing a release date. The upgrade which was previously supposed to be launched last year. It faced delays after multiple issues were found during the launch of the upgrades on the Ropsten Testnet, last year.
It again faced delays after a critical vulnerability was discovered by the audit firm, ChainSecurity on Tuesday. The firm stated that if the Ethereum Improvement Proposal(EIP) 1283 was implemented, it would be a cakewalk for the hackers to breach into the system as it may provide a loophole in the code, which can be used to steal user funds.
As a result, a team of Ethereum developers, the developers of the clients and other projects running on the network decided to announce that it is in the best interest of the company to delay the hard fork(A hard fork is a permanent diversion from the previous versions of a Blockchain software, which renders all the nodes running on the previous versions as invalid). The delay, however, may be temporary as steps are being taken to assess the issue.
The repercussion of this delay was felt in the prices of Ethereum. The cryptocurrency suffered a loss of around 6% in the past 24 hours with prices hovering around $120/ETH.
- Price $243.62
- Market Cap
What Exactly was the Security Vulnerability?
The project’s core developers reached a consensus that it would be impossible to fix the bug prior to the scheduled launch at around 04.00 UTC on 17th January.
The bug is being referred to as a ‘reentrant attack.’ It allows an attacker to re-enter the same function, ‘n’ number of times as per his will. This can be done without updating the users about these actions. In simple terms, an attacker could be ‘withdrawing funds forever’, as explained by Joanes Espanol, the CTO of Blockchain Analytics firm Amberdata in an interview.
This vulnerability is quite similar to the one found during the DAO attack of 2016.
How Would the Attacks Take Place?
Ethereum’s previous storage operations used to cost 5000 gas. It exceeded the limit of 2300 gas, which was generally required when a calling a contract for ‘transfer’ or ‘send’ functions, according to ChainSecurity.
With Constantinople, a major overhaul was being scheduled by Ethereum with five protocols that were scheduled to address the short-term scaling issues and the reductions in issuance.
If the upgrade was implemented, it would significantly reduce the cost of ‘dirty’ storage operation to 200 gas. This would render a stipend of 2300 gas to the attacker which can be used to manipulate the variable of a vulnerable contract.
The Future Course of Action
A team comprising of Ethereum creator Vitalik Buterin, developers Hudson James, Nick Johnson, and Evan Van Ness along with Parity release manager Afri Schoedon, with other members of the team, addressed a call to speak about the issues.
An Ethereum dev call is scheduled on Friday, where a new fork date will be decided upon.
Irrespective of the current delay, many experts are claiming that the update is an absolute necessity for bringing about long-term changes, and may reap significant benefits to Ethereum.