Ethereum’s Constantinople Hard Fork Delayed Due to Discovery of Critical Bug, ETH Price Drops Over 7%
On Tuesday (January 15th), Zurich-based blockchain security firm ChainSecurity announced that it had discovered a critical bug in Ethereum’s code changes for the Constantinople upgrade that could leave some smart contracts vulnerable to attacks that could lead to loss of user funds. This means that the Constantinople hard fork, which was expected to be activated in the early hours of Thursday (January 17th) at block number 7,080,000, has had to be delayed.
ChainSecurity offers three types of services:
- smart contract audits (based on its “proprietary audit platform”);
- a secuity audit platform (a set of “automated tools for developers and auditors” — this takes a smart contract and its formal specification as inputs and produces a security report as the output; and
- security monitoring (“ideal for exchanges and response teams”) — this type of monitoring “inspects smart contracts on-chain to ensure compliance and absence of security exploits”.
ChainSecurity’s Medium blog post, which was published earlier today, was titled “Constantinople enables new Reentrancy Attack.” Here was the summary of the critical vulnerability that they had discovered:
“The upcoming Constantinople Upgrade for the ethereum network introduces cheaper gas cost for certain SSTORE operations. As an unwanted side effect, this enables reentrancy attacks when using address.transfer(…) or address.send(…) in Solidity smart contracts. Previously these functions were considered reentrancy-safe, which they aren’t any longer.”
So, basically, ChainSecurity was saying that the implementation of one of the Constantinople’s five main changes, EIP 1283, contained a critical bug. This discovery led to Ethereum’s core developers, as well as some other important people such as Ethereum creator Vitalik Buterin, meeting virtually and agreeing to delay the hard fork while they studied this issue, with a further meeting scheduled for this Friday to decide on a new fork date.
Featured Image Credit: Photo via Pexels.com