Vulnerability detected in Ethereum’s (ETH) Constantinople in Smart Contracts!

New system-wide update delayed

Will the delay in Ethereum (ETH) Constantinople hardfork affect traders?

Two weeks ago, the Ethereum’s community was made aware of potential vulnerabilities in its new system-wide update, Constantinople. These risks were discovered by auditing and security monitoring firm ChainSecurity. The company explained as a consequence of the Constantinople update, certain smart contracts will be vulnerable to reentrancy attacks. The full source code, along with the attacker contract is available on ChainSecurity’s Github account.

The vulnerability in the code, manifested in an unexpected way according to Chain Security, by simulating a secure treasury sharing service. An attacker would take advantage of this by simulating both accounts that jointly receive funds, an attacker could siphon other users Ether out of their Payment Sharer contract.

As ChainSecurity explained in a blog post “Two parties can jointly receive funds, decide on how to split them, and receive a payout if they agree. An attacker will create such a pair with where the first address is the attacker contract listed below and the second address is any attacker account. For this pair, the attacker will deposit some money”.

Crypto entrepreneurs and enterprises love Ethereum platform

Ethereum is the world’s third-largest cryptocurrency by market capitalization and is a decentralized, open-source blockchain network that provides a conducive environment for developers to build and launch decentralized software. Ethereum Blockchain differs from Bitcoin as it essentially focuses on being a platform for other entities to run their decentralized software, while Bitcoin’s network focuses on one single application of Blockchain, a peer-to-peer payments system.

# OF BLOCKCHAIN STARTUPS USING DECENTRALIZED PLATFORMS

Source: InWara’s ICO+STO database

According to InWara’s ICO+STO database. Over 4000 Blockchain startups are using Ethereum’s platform, an overwhelming amount when compared to the 308 startups that are using other competing platforms.

KEY STAKEHOLDERS OF ETHEREUM DECIDE TO DELAY CONSTANTINOPLE

Ethereum’s key stakeholders decided, delaying the new system-wide update was the best course for action for now, while security researchers such as ChainSecurity and TrailOfBits analyse the entire blockchain. For now, the researchers have not found any vulnerability on the network.

Despite the chances that some contracts were affected being pretty low. The amount of time required to determine the risk with 100% confidence, is longer than the time available for the Constantinople update. Ethereum hence decided to delay the update out of ‘an abundance of caution’.

What is Ethereum’s Constantinople upgrade?

ALL YOU NEED TO KNOW ABOUT ETHEREUM’S CONSTANTINOPLE

Constantinople is Ethereum’s system-wide update that incorporates five different Ethereum improvement proposals (EIP). The new update is expected to be backward-incompatible, meaning it cannot use data created with an older version of the same program.

Backward incompatibility inherently creates the need to start over completely, once the platform is updated. This means that nodes-the network of computers that run Ethereum software- can either update together with the whole system or continue running as a separate Blockchain entity.

The latter is more commonly known as a ‘hardfork’, and they can lead to two different versions of the same Blockchain running simultaneously. Interestingly a previous hard fork has spawned the birth of competing crypto named Ethereum classic.

Disclaimer: Content sourced from InWara. This is not financial advice. InWara does not promote/demote any company/ICO. Opinions, statements, estimates and projections in this message or other media are solely those of the individual author(s). They do not necessarily reflect the opinions of Inwara or any of its affiliates (“Inwara”). Inwara has no obligation to update, modify or amend this message or other media, or to otherwise notify a recipient thereof, in the event that any matter stated herein, or any opinion, projection, forecast or estimate set forth herein, changes or subsequently becomes inaccurate. Any content, information and any materials provided in this message or other media is on an “as is” basis. Inwara makes no warranty, expressed or implied, as to its accuracy, completeness or timeliness, or as to the results to be obtained by recipients, and shall not in any way be liable to any recipient for any inaccuracies, errors or omissions herein. Without limiting the foregoing, Inwara shall have no liability whatsoever to a recipient of any message or media, whether in contract, in tort (including negligence), under a warranty, under statute or otherwise, in respect of any loss or damage suffered by such recipient as a result of or in connection with any actions, opinions, recommendations, forecasts, judgments, or any other conclusions, or any course of action determined, by it or any third party, whether or not based on the content, information or materials contained herein. For more details visit terms and conditions.


Vulnerability detected in Ethereum’s (ETH) Constantinople in Smart Contracts! was originally published in Data Driven Investor on Medium, where people are continuing the conversation by highlighting and responding to this story.