The Ethereum constantinople fork was shifted from last year to this year. Unfortunately, due to a security risk, it was subsequently postponed from the 16th of January 2019. All the developers were expected to make certain changes according to the request by the lead developers. While a majority made the changes, not everyone complied. This led to a chain split with some miners working with the unofficial constantinople fork while the majority worked with the regular Ethereum.
Ethereum Constantinople Upgrade Gets Postponed
Ethereum Constantinople Upgrade Gets Postponed
After ChainSecurity found some vulnerabilities on the Ethereum blockchain, they passed the message to developers who officially updated the community. The statement about the delay was as follows:
“We are looking at a potential vulnerability on the Ethereum blockchain. We will continue to update everyone through social media and blog posts.”
As a cautionary measure, the majority of Ethereum developers decided to delay the fork that was supposed to take place at block 7,080,000. Every miner was expected to hold on to maintain the network consensus. Unfortunately, not every miner got the message. According to Ethdevops.io, about 10TH/s worth of mining power was being generated from the unofficial constantinople chain. The hashpower coming from the constantinople chain is more than what is coming from Ethereum Classic.
What Is The Non-Zero Risk
What Is The Non-Zero Risk
The vulnerability that was spotted by the security audit firm is known as the non-zero risk. It allows hackers with a degree of sophistication manipulate the Ethereum blockchain. The change in how Ethereum charges for storage allows a hacker to steal money from dApps. This reentrancy attack is not like the double spend or replay attack that happened on the Ethereum Classic blockchain a while ago. It is a completely different vulnerability. For the smart contract to be vulnerable, ChainSecurity said that certain conditions must be met. Some of the conditions are as follows:
1. The attacker must create a function A that will be used to make a transfer and a state-changing operation. Sometimes, it may not be obvious. It may be second interaction or transfer with another smart contract.
Ethereum (ETH) Price Today – BTC / USD
| Name | Price | 24H % |
|---|---|---|
 | $0.00 | -2.08% |
2. Secondly, there must be a B function that can be accessed from the A attacker. A would be able to change the state while B would have conflicting functions.
3. The function B attacker will need to execute with less than 1600 gas (700 gas for the the call – 2300 gas for stipend).
While the vulnerability is not yet on the mainchain, the developers decided to be safe rather than sorry.
The post on the Ethereum official blog was as follows:
Security auditing firms like TrailOfBits and ChainSecurity ran in depth analysis on the Ethereum blockchain (they are still running these audits). They haven’t found any case of this vulnerability on the blockchain but there is still a non-zero risk that can affect the contract.
Security auditing firms like TrailOfBits and ChainSecurity ran in depth analysis on the Ethereum blockchain (they are still running these audits). They haven’t found any case of this vulnerability on the blockchain but there is still a non-zero risk that can affect the contract.
With a decentralized network like Ethereum that has a vast network, it may be difficult to reach everyone with the network upgrade on time. A typical example is the Bitcoin node map. If you take a look at it, you’ll find out that there are currently different versions active at the same time. So, some of the Ethereum nodes are already mining the constantinople fork even if it was delayed. Unfortunately, they will be unable to earn valid ETH while mining.
Do you think the developers deliberately went ahead with the hard fork or it was an honest mistake?
Max writes about blockchain projects and regulation with a special focus on United States and China. He joined Smarterum after years of writing for various media outlets.
