Parity Technologies, developers of ethereum client software, said it has fixed a vulnerability in its node client software and called on ethereum nodes to update their software immediately.
In a statement published on its website on Sunday, Feb 3, Parity tech said it was notified of a vulnerability which exposed node to a possible crash when attacked by a bad actor. It said it fixed the vulnerability the same day it was first notified of it.
Parity’s statement read:
“On February 3rd, we received several reports that an attacker can send a specially-crafted RPC request to a public Parity Ethereum node (any version pre 2.2.9-stable and pre 2.3.2-beta) and that node will crash.”
The firm called on nodes operating its software to perform an urgent update.
“The fix is out—please update your nodes ASAP,” Parity wrote in a tweet adding that “while the vulnerability only directly affects Parity Ethereum nodes that serve JSONRPC as a public service (e.g., Infura, [MyEtherWallet], MyCrypto, etc), [the firm] recommend everyone to update their nodes immediately.”
According to Parity’s statement, Kosala Hemachandra a developer from MyEtherWallet who was the first to notify the team of the bug will benefit from its bug bounty program.
The consequences of vulnerability like this can be dire as the cryptocurrency community witnessed in 2017 when a user of Parity’s Ethereum (ETH) wallet accidentally froze 513,774.16 ETH (worth around $150 million at the time). The funds have not been recovered as the ethereum nodes voted against a proposal meant to restore a disabled contract to unfreeze the funds.
More recently a bug contained in one of the Ethereum Improvement Proposals (EIPs) for ethereum’s Constantinople upgrade caused a lack of consensus when it was launched on the Ropsten testnet. After a post mortem on the testnet failure, it was discovered that the bug affected parity and aleth clients. Parity developer, Wei Tang fixed the bug to ensure Parity and Geth clients were in sync.
As Smartereum reported, Parity technologies were rewarded for its efforts by Ethereum Foundation with a development Grant of $5 million to encourage its work on blockchain scaling technologies like Sharding and Casper.