The Ethereum core developers and the Ethereum security community were made aware of the potential Constantinople-related issues identified by ChainSecurity on January 15, 2019. We are investigating all potential vulnerabilities and will follow up with updates in this blog post and on social networks.
Out of an abundance of caution, key stakeholders in the Ethereum community have determined that the best course of action is to delay the planned Constantinople fork, which would have occurred at block 7,080,000 on January 16, 2019.
This will require anyone who runs a node (node operators, exchanges, miners, wallet services, etc.) to update to a new version of Geth or Parity before block 7,080,000. Block 7,080,000 will occur within 32 hours of this publication, or at around January 16, 8:00 p.m. / January 16, 11:00 p.m. / January 17, 4:00 GMT.
What you need to do
If you are a person who simply interacts with Ethereum (you do not run a node), you don't need to do anything.
Miners, exchanges, node operators:
- Update your Geth and/or Parity instances when they are released.
- These versions are not yet published. We will update this message when they are available.
- The links, version numbers and instructions will be provided here when they are available.
- We expect to have updated versions in 3 to 4 hours from the publication of this blog.
Geth
- Upgrade to 1.8.21, OR
- Downgrade to Geth 1.8.19, OR
- Stay on 1.8.20, but use the '--override.constantinople=9999999' switch to postpone the Constantinople fork indefinitely.
Parity
Everyone else:
Ledger, Trezor, Safe-T, Parity Signer, WallETH, Paper Wallets, MyCrypto, MyEtherWallet and other users or token holders who do not participate in the network by syncing and running a node.
- You have nothing to do.
Contract owners
- You have nothing to do.
- You can choose to examine the analysis of the potential vulnerability and check your contracts.
- However, you have nothing to do because the change that would introduce this potential vulnerability will not be activated.
Background
The article by ChainSecurity dives deep into the potential vulnerability and how smart contracts can be checked for it. Very briefly:
- EIP-1283 introduces cheaper gas costs for SSTORE operations
- Certain smart contracts (which are already on chain) may use code patterns that would make them vulnerable to a reentrancy attack after the Constantinople upgrade
- These smart contracts would not have been vulnerable before the Constantinople upgrade
Contracts that increase their probability of being vulnerable are contracts that use a transfer() or send() function followed by a state-changing operation. An example of such a contract would be one where two parties jointly receive funds, decide how to split those funds, and initiate a payout of them.
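The gas-cost change behind this, as an added example (not code from the original post or from any Ethereum client): a small Python model of SSTORE pricing before and after EIP-1283, showing when a storage write becomes cheap enough to complete inside the 2300-gas stipend that transfer() and send() forward. The constants are taken from the EIP-1283 specification and the EVM call stipend; the function names are chosen for this example.

```python
# Added example: SSTORE gas cost before and after EIP-1283 (net gas metering).
# Constants follow the EIP-1283 specification and the EVM call stipend;
# function names are illustrative and not taken from any client.

CALL_STIPEND = 2300       # gas forwarded by Solidity's transfer() and send()

# Pre-Constantinople schedule
SSTORE_SET_OLD = 20000    # zero -> non-zero
SSTORE_RESET_OLD = 5000   # every other write

# EIP-1283 schedule
SSTORE_NOOP = 200         # value unchanged
SSTORE_DIRTY = 200        # slot already modified earlier in this transaction
SSTORE_INIT = 20000       # clean slot whose original value is zero
SSTORE_CLEAN = 5000       # clean slot whose original value is non-zero


def sstore_cost_legacy(current: int, new: int) -> int:
    """Gas charged for SSTORE before Constantinople."""
    if current == 0 and new != 0:
        return SSTORE_SET_OLD
    return SSTORE_RESET_OLD


def sstore_cost_eip1283(original: int, current: int, new: int) -> int:
    """Gas charged for SSTORE under EIP-1283.

    original: slot value at the start of the transaction
    current:  slot value right now
    new:      value being written
    """
    if current == new:
        return SSTORE_NOOP
    if original == current:  # slot untouched so far in this transaction
        return SSTORE_INIT if original == 0 else SSTORE_CLEAN
    return SSTORE_DIRTY      # slot was already written in this transaction


def write_fits_in_stipend(cost: int) -> bool:
    """True if one SSTORE can complete inside the 2300-gas stipend."""
    return cost <= CALL_STIPEND


def compare(original: int, current: int, new: int) -> dict:
    """Cost of the same write under both schedules, and whether it fits."""
    legacy = sstore_cost_legacy(current, new)
    eip = sstore_cost_eip1283(original, current, new)
    return {"legacy": legacy, "eip1283": eip,
            "legacy_fits": write_fits_in_stipend(legacy),
            "eip1283_fits": write_fits_in_stipend(eip)}
```

Under the legacy schedule no storage write fits in the stipend, which is the guarantee existing contracts relied on; under EIP-1283 a write to a slot already modified in the same transaction does.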
How the decision to postpone the Constantinople fork was made
Security researchers such as ChainSecurity and Trail of Bits have run (and are still running) an analysis across the entire blockchain. They found no cases of this vulnerability in the wild. However, there is still a non-zero risk that certain contracts could be affected.
Since the risk is not zero and the time required to determine the risk with confidence is longer than the time available before the planned Constantinople upgrade, a decision was made to postpone the fork out of an abundance of caution.
The parties involved in the discussions included, but were not limited to:
Response time
3:09 a.m. PT
- ChainSecurity responsibly discloses the potential vulnerability via the Ethereum Foundation's bug bounty program
8:09 a.m.
- The Ethereum Foundation asks ChainSecurity to publicly disclose
8:11 pm
- The original article by ChainSecurity is published
8:52 pm
8:52 pm – 10:15 a.m.
- Discussion takes place across various channels regarding potential risks, on-chain analysis and the steps to be taken
10:15 a.m. – 12:40 pm
- Discussion via Zoom Audio Call with the main stakeholders. The discussion also continues in Gitter and other channels
12:08 pm
- Decision made to delay the Constantinople upgrade
1:30 p.m. PT
- Public blog article published on various channels and social media
This article was put together in a collaborative effort by EvanVanNess, Infura, MyCrypto, Parity, Status, the Ethereum Foundation and the Ethereum Cat Herders.