The upcoming hard fork on the Ethereum network has been delayed after a vulnerability in the code was discovered which would make it possible for a malicious actor to steal funds through manipulation of smart contract architecture.
The upcoming Ethereum hard fork, which was supposed to happen today (January 16th), has been postponed at the eleventh hour, after a vulnerability in the code was discovered. This vulnerability, if exploited, would allow malicious actors to repeatedly siphon ETH out of a smart contract through a bug similar to that which led to the DAO hack.
Unwanted Side-effect: Reentrancy Attack
As Ethereum will eventually, through the implementation of the Constantinople upgrade, transition from a proof-of-work to a proof-of-stake consensus model, a number of updates need to be implemented which will slowly bring about this transition. The update scheduled for this month was a step in this process, reducing the mining reward for Ethereum miners.
However, it has emerged that a bug in the code allowed for an unwanted side-effect in the form of a reentrancy attack. This would allow a malicious actor to drain Ether incrementally out of a smart contract through a supply of false data.
ChainSecurity, a firm which audits smart contracts, discovered the flaw during an audit of the code. In a blog post, they wrote that, whilst gas costs are reduced, a vulnerability emerges in that certain commands allow for funds to be drained.
After setting things up within the right parameters, an attacker can steal “other people’s ether out of the PaymentSharer contract and can continue to do so.”
Ethereum Postpones Update
As a response to the discovery, the Ethereum team have postponed the fork. It has been speculated that it will take place next week, although this has not been confirmed.
Afri Schoedon, who is coordinating the hard fork at Ethereum, confirmed in a Reddit post that the team was aware and that the update would be delayed:
“We will decide further steps on Friday in the all-core-devs call. For now it will not happen this week. Stay tuned for instructions,” wrote Schoedon. A later post in the same thread confirmed the issue was being worked on:
“We are patching right now. There is not much more we can do before Friday but investigating the severity of the issue.”
Least Eventful Fork in History
Lane Rettig, an Ethereum core developer, recently described the Ethereum hard fork as “the least eventful” hard fork in the history of the network.
“I really can’t imagine a less contentious hard fork, to be honest,” she said, reasoning that there were no warring factions within the Ethereum team fighting for their vision to survive. Hard forks have become associated with political manoeuvring within the crypto sphere, thanks to the handful of bitcoin spinoffs over the years, and in particular to the recent bitcoin cash fork which produced bitcoin SV, as well as the original bitcoin fork which produced bitcoin cash.
When the fork, which has been a long time coming, is eventually implemented, it is hoped that the reduction in miner reward (from 3 ETH to 2) will reduce inflation on the network and incentivise miners to hold on to ETH they earn. Under the current state of affairs, miners often immediately sell their winnings to cover costs.
Alex has been putting words on paper since he was old enough to hold a pen; when he bought his first bitcoin in January 2017, those words discovered their place within crypto as well. He holds a master’s degree in international relations from Leiden University in the Netherlands, and his special expertise lies in European cryptocurrency regulation.