Ethereum Constantinople Upgrade Delayed Over Security Vulnerability
The long-awaited Constantinople fork of the Ethereum network was delayed earlier this week due to potential security issues identified by security audit company ChainSecurity on January 15.
The security bug could potentially make some smart contracts on Ethereum vulnerable to a so-called “re-entrancy attack,” enabling an attacker to steal other people’s ETH.
Following ChainSecurity’s findings, key stakeholders within the Ethereum community decided to postpone the Constantinople fork, initially scheduled to activate on block 7,080,000 on January 16.
[SECURITY ALERT] #Constantinople upgrade is temporarily postponed out of caution following a consensus decision by #Ethereum developers, security professionals and other community members. More information and instructions are below. https://t.co/p2znO8HGxf
— Ethereum (@ethereum) January 15, 2019
The bug is explained in detail in a blog post by ChainSecurity. The important thing is that, since Constantinople was delayed, no smart contracts are vulnerable at this point. In fact, a scan of Ethereum’s blockchain by ChainSecurity did not find any contracts that would be vulnerable even if the upgrade went through, but Ethereum’s developers still decided to mitigate the risk by delaying the upgrade.
“Because the risk is non-zero and the amount of time required to determine the risk with confidence is longer than the amount of time available before the planned Constantinople upgrade, a decision was reached to postpone the fork out of an abundance of caution,” Ethereum developer Hudson Jameson wrote in a blog post.
Soon after the news broke, both the Parity and Geth teams released emergency versions of their respective clients and asked all node operators to update to the new versions immediately. The emergency versions released by the Parity team are Parity Ethereum 2.2.7 – stable and Parity Ethereum 2.3.0 – beta. The emergency version released by the Geth team is Byzantium Revert v1.8.21.
According to the initial announcement by the Ethereum Foundation, this update is required for miners, exchanges and node operators. Users of Ledger, Trezor, Safe-T, Parity Signer, WallEth, Paper Wallets, MyCrypto and MyEtherWallet, along with other users or token holders who do not participate in the network by syncing and running a node, can remain calm. The change that would introduce this potential vulnerability won’t be enabled.
Constantinople was an important upgrade of Ethereum which was supposed to make the network a bit more efficient and pave the way for future upgrades, most importantly switching to a proof-of-stake consensus algorithm later this year. There’s no new date set for the Constantinople upgrade at this point.
This is not the first time Constantinople has been delayed. The upgrade was originally scheduled to go live in November 2018, but was postponed due to bugs.