Ethereum Fork Delayed Once Again as ChainSecurity Spots a Bug
Ethereum holders will have to wait for the Constantinople upgrade to become official, as the fork has just been delayed again because of a newly discovered bug that could jeopardize users’ ETH funds.
ChainSecurity spotted the bug on January 15th, only a day before the fork should have taken place.
ChainSecurity is a company that develops tools and services focused on keeping all blockchain-based projects secure.
The update was supposed to happen on January 16th, once the block height reached 7,080,000. ChainSecurity published an official blog post on Medium explaining why delaying Constantinople once again was more than necessary.
Ethereum’s Constantinople Enables Reentrancy Attacks as a Negative Side Effect
The Constantinople hard fork is designed to smooth the network’s transition from the Proof of Work protocol to the less energy-consuming Proof of Stake, as the Ethereum platform aims to join the club of PoS-driven blockchain platforms.
Additionally, the update should bring lower rewards for miners, decreasing ETH rewards by 33% compared to the previous reward rates.
Moreover, the upgrade should introduce cheaper gas costs for certain operations, which apparently has a negative side effect in the form of a bug that ChainSecurity managed to detect before the fork officially took place.
What is said to be one of the most important updates for the Ethereum network has once again been delayed, just as it was in November 2018 after the update was tested in August of the same year.
As stated in the original bug report compiled by the ChainSecurity team, the bug enables reentrancy attacks on smart contracts written in Solidity, which can leave users’ accounts vulnerable to attackers and put their funds at risk of theft.
The vulnerability is not present in the initial short smart contract before the Constantinople update; after Constantinople, however, the same source code becomes vulnerable to a reentrancy attack.
ChainSecurity Working on Securing Ethereum Smart Contracts
ChainSecurity emphasized that the vulnerability appeared after Constantinople because the upgrade reduces the price of gas for running certain smart contract operations, which opens a vulnerable spot through which attackers can get to users’ funds.
As stated in the official blog post, ChainSecurity is now working on securing all smart contracts on the Ethereum network, adding that they have not discovered any vulnerable smart contracts after scanning the entire Ethereum mainnet using data from eveem.org.
In the same post, the security team also provided details on how smart contract users can check whether their smart contracts are affected by the detected vulnerability.
Furthermore, they stated that ethsecurity.org is working together with ChainSecurity to expand the scanning process to more complex smart contracts that call for decompiling.
The team concluded their report by saying that they plan to make the project open-source as soon as they are done securing all smart contracts. They also thanked Tomasz Kolinko, whose work on decompiling with symbolic execution is the reason ChainSecurity was able to scan smart contracts as fast as they did.