Vulnerability Is Found in Constantinople Hours After ETH Devs Call It ‘Least Eventful’ Hard Fork

Published at: Jan. 15, 2019

Ethereum’s (ETH) Constantinople hard fork faces a delay over a newly discovered security vulnerability allowing a reentrancy attack. The critical issue was detected by smart contract audit firm ChainSecurity and reported in a blog post Jan. 15.

According to the company’s report, the Constantinople upgrade introduces cheaper gas costs (transaction fees) for some operations on the Ethereum network. As an unexpected side effect, this allegedly enables reentrancy attacks via the use of certain commands in ETH smart contracts.

A reentrancy vulnerability allows a potential attacker to steal cryptocurrency from a smart contract on the network by repeatedly requesting funds from it while feeding it false data about the malicious actor’s actual ETH balance.
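A simplified model of the side effect described above, added here as an illustration; it is not code from ChainSecurity's report or from the article. The gas figures (a 2,300-gas transfer stipend, a 700-gas call, and the cheapest storage write falling from 5,000 to 200 gas) come from the public Ethereum specifications, while the `SplitPayer` contract, `recipient_code` and all amounts are constructed for the example.

```python
# Toy gas model, not an EVM: only the costs that decide the outcome are counted.
STIPEND = 2300    # gas a plain ETH transfer forwards to the recipient's code
CALL_BACK = 700   # cost for the recipient to call back into the payer
STORE_GAS = {"pre-fork": 5000, "constantinople": 200}  # cheapest storage write

class OutOfGas(Exception):
    pass

class Reentered(Exception):
    pass

class SplitPayer:
    """Constructed contract: splits a pot between parties A and B."""
    def __init__(self, rules, guarded):
        self.rules, self.guarded = rules, guarded
        self.share_a = 50          # percent of the pot owed to A
        self.locked = False

    def set_share(self, pct, gas):
        if self.locked:
            raise Reentered        # explicit guard, independent of gas prices
        if gas < STORE_GAS[self.rules]:
            raise OutOfGas         # the implicit guard the stipend used to provide
        self.share_a = pct

    def pay(self, pot, recipient_a):
        self.locked = self.guarded
        paid_a = pot * self.share_a // 100
        try:
            recipient_a(self, STIPEND)   # transfer to A runs A's code
        except (OutOfGas, Reentered):
            pass                         # A's state change did not happen
        # Flaw under test: the split is read again after the external call.
        paid_b = pot * (100 - self.share_a) // 100
        self.locked = False
        return paid_a + paid_b

def recipient_code(contract, gas):
    """Constructed recipient that changes the split while being paid."""
    contract.set_share(0, gas - CALL_BACK)

def total_paid(rules, guarded):
    return SplitPayer(rules, guarded).pay(100, recipient_code)

if __name__ == "__main__":
    for rules, guarded in [("pre-fork", False), ("constantinople", False),
                           ("constantinople", True)]:
        print(rules, "guarded" if guarded else "unguarded", total_paid(rules, guarded))
```

Only the unguarded contract under the cheaper prices pays out more than the pot (150 instead of 100); a contract with its own reentrancy lock behaves the same under either price schedule.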

Afri Schoedon, the hard fork coordinator at Ethereum and release manager at blockchain infrastructure provider Parity Technologies, has confirmed on Reddit that the core developers of Ethereum are aware of the vulnerability.

Schoedon explained that an all-core-dev call has been scheduled on Friday, Jan. 18, to decide on further steps in relation to the newly discovered loophole. According to him, the launch of Constantinople has been postponed until at least the next week:

“We will decided (sic) further steps on Friday in the all-core-devs call. For now it will not happen this week. Stay tuned for instructions.”

On the same day that the vulnerability was discovered, Ethereum’s core developers said that they expect the upcoming fork to be the least eventful one in the history of Ethereum. Their remarks were reported in a Bloomberg article published Jan. 15.

Constantinople was first trialed on the Ethereum public testnet Ropsten in mid-October last year, and had been intended for swift activation on the main blockchain by the end of October–November 2018.

After facing technical hurdles, its launch was delayed to be implemented at Ethereum block 7,080,000, expected Jan. 16. Given the fork’s focus on primarily technical improvements, Ethereum core dev Lane Rettig told Bloomberg:

"I really can’t imagine a less contentious hard fork, to be honest. Of all the hard forks in the history of Ethereum, it’s probably the least eventful one."

As reported, in earlier discussions of Constantinople, some devs had proposed it would be less controversial, or even political, to change the term for the transition from hard fork to “update.”

The main impact of the shift will be the reduction of mining rewards for each block from the current 3 ETH to 2. The downward adjustment could reportedly help to reduce the inflation and volatility that is allegedly associated with miners selling ETH to cover their costs and boost revenue.

If reduced incentives equate to less support from miners, as Bloomberg notes, this could render the network more susceptible to the possibility of a 51 percent attack — a risk that has been robustly demonstrated in the recent attack on Ethereum Classic (ETC).

Yet, as reported, the reduction is unlikely to be controversial, as it has long been in the works to gradually reduce rewards to zero as the network readies for its planned transition to a Proof-of-Stake (PoS) consensus algorithm.

The high stakes involved in implementing hard forks were thrown into stark relief last November, when the Bitcoin Cash (BCH) community splintered into two warring factions over a scheduled hard fork.

Major United States cryptocurrency exchanges Coinbase and Kraken are the latest to have confirmed their support for Constantinople, joining other top global industry players such as Binance, Huobi and OKEx. Kraken has aligned with the devs in saying it expected the fork would not be controversial.
