Ethereum Constantinople Upgrade hits last minute, saving many users from disastrous losses. The Ethereum team postponed today a major upgrade of the Ethereum blockchain after a security company found a vulnerability that could have allowed hackers to steal funds from users.
The update of the Ethereum network, known as the Constantinople upgrade, was scheduled for launch tomorrow, 16 January. A new start date for the rollout of Constatinople will be agreed on Friday 18 January.
The vulnerability is what blockchain security experts call a “reentrancy attack ” and ChainSecurity, whose researchers detailed the bug in a medium blog post, discovered. According to the company, the attack would have allowed a malicious threat actor to steal funds from users who had an Ethereum intelligent contract with the attacker.
A smart contract is a script running on the Ethereum blockchain that enables users to input Ether funds, pool funds with other users and receive currency back on a number of predetermined terms.
ChainSecurity experts discovered that the processing of smart contracts by Ethereum Constantinople Upgrade allowed malicious actors to extract funds from users without meeting the requirements of the contract or without the consent or knowledge of the user.
The vulnerability is called a “reentrancy attack” because it allows the attacker to repeatedly run the same function until all the shared funds of the user are exhausted. The company said that a fast (and incomplete) scan of the current version of the Ethereum platform did not identify intelligent contracts vulnerable to the vulnerability it found.
Ethereum devs said that ” ChainSecurity and TrailOfBits ran (and are still running) analysis across the entire blockchain ” for vulnerable contracts that can be exploited even on the current Ethereum platform.
They said that the two security companies found no evidence of the defect in the wild. The Ethereum dev team and its security group (ethsecurity.org) work on a patch, but also on similar defects.
Cryptocurrency owners of Ether (ETH) have nothing to worry about at this moment.
Leave a Reply