Ethereum Improvement Protocol 1283: reason for the delay of Constantinople hard fork
Ethereum [ETH], the third largest cryptocurrency and the leading smart contract platform, is back in the news because of the Constantinople hard fork. This time the team has decided to postpone the hard fork after ChainSecurity, an audit platform for smart contracts, brought to light issues related to it. The team is currently assessing the potential vulnerability these issues create.
The decision to postpone the hard fork was taken jointly by Ethereum stakeholders, security researchers, Ethereum client developers, smart contract owners and developers, wallet providers, dApp developers, node operators and other key members of the community. The Foundation has also asked miners, exchanges and node operators to update to the new versions of Parity and Geth.
Ethereum announced on its official Twitter handle:
“[SECURITY ALERT] #Constantinople upgrade is temporarily postponed out of caution following a consensus decision by #Ethereum developers, security professionals and other community members. More information and instructions are below.”
The reason for the delay is a reentrancy attack that becomes possible after the Constantinople hard fork, discovered by ChainSecurity as part of the Ethereum bug bounty program. The problem was found in one of the five proposed Ethereum Improvement Protocols [EIPs]. The protocol in the spotlight here is EIP 1283: net gas metering for SSTORE without dirty maps. This improvement protocol was written by Wei Tang; it enables new usages for contract storage and reduces the gas cost of SSTORE operations.
Ethereum Constantinople Security Issue || Source: ChainSecurity
According to ChainSecurity, a smart contract is vulnerable to the attack only after the Constantinople upgrade and not before it. The report further stated that the vulnerable code simulates a secure treasury sharing service, wherein “two parties can jointly receive funds, decide on how to split them, and receive a payout if they agree.”
Why smart contracts are vulnerable to the attack | Source: Trading View
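The gas rule behind the issue, as an added example that is not from the article or from ChainSecurity's report: a Python model of SSTORE pricing under EIP-1283 next to the pre-Constantinople schedule, flagging writes that become cheap enough to fit inside the 2300-gas call stipend. The stipend figure and gas constants come from the EIP text and the EVM specification rather than this page, and the slot values are constructed.

```python
# Added illustration: SSTORE gas under the legacy schedule vs. EIP-1283.
# Gas constants follow the EIP-1283 text; slot values below are constructed.
CALL_STIPEND = 2300  # gas forwarded with a plain value transfer (not stated on the page)

def sstore_gas_legacy(current, new):
    """Pre-Constantinople cost: 20000 for zero -> non-zero, otherwise 5000."""
    return 20000 if current == 0 and new != 0 else 5000

def sstore_gas_eip1283(original, current, new):
    """Return (gas, refund_delta) per EIP-1283 net gas metering.

    original: slot value at the start of the transaction
    current:  slot value right now
    new:      value being written
    """
    if current == new:                      # no-op write
        return 200, 0
    if original == current:                 # slot still clean in this transaction
        if original == 0:
            return 20000, 0
        return 5000, (15000 if new == 0 else 0)
    refund = 0                              # slot already dirty: flat 200 gas
    if original != 0:
        if current == 0:
            refund -= 15000
        if new == 0:
            refund += 15000
    if original == new:                     # written back to the original value
        refund += 19800 if original == 0 else 4800
    return 200, refund

def writable_within_stipend(gas_cost):
    """True if one SSTORE at this cost fits inside the 2300-gas stipend."""
    return gas_cost <= CALL_STIPEND

def audit_slot(original, current, new):
    """Compare both schedules; flag writes only stipend-affordable under EIP-1283."""
    legacy = sstore_gas_legacy(current, new)
    net, refund = sstore_gas_eip1283(original, current, new)
    newly = writable_within_stipend(net) and not writable_within_stipend(legacy)
    return {"legacy_gas": legacy, "eip1283_gas": net,
            "refund_delta": refund, "newly_affordable": newly}

if __name__ == "__main__":
    # Constructed cases: (original, current, new)
    for case in [(1, 1, 2), (1, 2, 3), (0, 5, 0), (7, 7, 7)]:
        print(case, audit_slot(*case))
```

A contract that relied on the stipend being too small for any storage write should be re-checked wherever `newly_affordable` is true for a slot it guards.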
Interestingly, the improvement protocol cannot be removed from the upgrade, as doing so “introduces too much complexity that cannot be tested and confidently be released within 36 hours”, said Afri Schoedon, a core developer of the Ethereum Foundation. As of now, the fate of the Constantinople hard fork is going to be decided during the ETH dev core meeting, which will be held towards the end of this week.
“Ethereum’s centralization (devs, infura) comes in handy when you have to make new monetary decisions, rushed hard forks, rushed upgrades, rushed downgrades and rushed patches. It’s a feature, not a bug!”
Cyrus Younessi, Director of Research and Trading at Scalar Capital:
“Having witnessed both, I feel emergency hard fork *cancellations* are much more preferable than emergency hard forks, and the market seems to agree. Congrats to the Ethereum community for (once again) swift and sensible decision making.”
Notably, this is not the first time the upgrade has been postponed. The initial launch of Constantinople was set for late 2018 but was pushed to early 2019 because of issues discovered in the Parity implementation of Ethereum on the Ropsten testnet. The reasons for the initial delay were a consensus bug and the limitation of Parity against Geth.