Ethereum’s planned Constantinople upgrade been halted after a critical vulnerability was discovered in one of the planned changes. The vulnerability was found by smart contract audit firm ChainSecurity. They announced the problem in a medium post Tuesday that Ethereum Improvement Proposal (EIP) 1283, if implemented, could provide attackers a loophole in the code to steal funds.
Ethereum developers, as well as developers of clients and other projects running the network, agreed to delay the hard fork – at least temporarily – while they assessed the issue.
The developers included ethereum creator Vitalik Buterin, Nick Johnson, Evan Van Ness,Hudson Jameson, and Parity release manager Afri Schoedon.
The project’s core developers reached the conclusion that it would take too long to fix the bug prior to the hard fork, which was expected to happen at around 04:00 UTC on Jan. 17.
The vulnerability essentially allows an attacker to “reenter” the same function multiple times without updating the user about the state of affairs, an attacker could essentially be withdrawing funds forever.
Joanes Espanol, CTO of blockchain analytics firm Amberdata said:
“Imagine that my contract has a function which makes a call to another contract… If I’m a hacker and I’m able to trigger function a while the previous function was still executing, I might be able to withdraw funds.”
ChainSecurity’s post explained that prior to Constantinople, storage operations on the network would cost 5,000 gas, exceeding the 2,300 gas usually sent when calling a contract using “transfer” or “send” functions.
The post explained:
“This code is vulnerable in an unexpected way: It simulates a secure treasury sharing service. Two parties can jointly receive funds, decide on how to split them, and receive a payout if they agree*. An attacker will create such a pair with where the
first address is the attacker contract listed below and the second address is any attacker account. For this pair the attacker will deposit some money.”
However, if the upgrade was implemented, “dirty” storage operations would cost 200 gas. An “attacker contract can use the 2300 gas stipend to manipulate the vulnerable contract’s variable successfully.”
ChainSecurity wrote in the medium post:
“A scan of the main ethereum blockchain using the data available fromeveem.org did not uncover vulnerable smart contracts. “
Image courtesy of cannedhistorian.blogspot.com