Ledger Nano S - The secure hardware wallet

Ethereum Constantinople postponed due to potential vulnerabilities

Just when everybody was anticipating the implementation of project Ethereum Constantinople , which is expected to deliver a abetter Ethereum performance, it was suddenly announced that the implementation was postponed.

The decision was reached after a discussion among Ethereum security researchers, stakeholders, client developer, smart contract owners, wallet providers, node operators, Dapp developers, and Media. That being said, one can say that it was a “concensus decision” indeed. Or was it?

According to the Ethereum blog, the decision was made after the Ethereum Core Developers and the Ethereal Security Community were made aware of the potential Constantinople-related issues, that  were identified by ChainSecurity on January 15, 2019. Ethereum is currently investigating these potential vulnerabilities and will inform the public as soon as they have further information.

According to  the ChainSecurity:

The upcoming Constantinople Upgrade for the ethereum network introducescheaper gas cost for certain SSTORE operations. As an unwanted side effect, this enables reentrancy attacks when using address.transfer or address.send(…) in Solidity smart contracts. Previously these functions were considered reentrancy-safe, which they aren’t any longer.

Ethereum Constantinople, if launched, would have introduced hard fork that would have occurred at block 7,080,000 on January 16, 2019. This would have required anyone running a node such as operators, exchange, miners, wallet services and other to update to a new version of Geth or Parity before block 7,080,00.

In explaining further the reason behind the postponement, Ethereum said that security researchers such as ChainSecurity and TrailOfBits ran their analysis across the entire Ethereum blockchain. Although they did not find any vulnerability cases, they found out that there is still a non-zero risk that some of their contracts may have been affected. Since the time it would require for the Constantinople upgrade is shorter than the amount of time to determine a risk, it was decided to postpone the upgrade.

So in the meantime, Ethereum is advising all concerned on the following course of actions depending on their stakes with Ethereum:

  • miners, exchanges and node operators are advised to update their Gerth and/or Parity instances when they are released;
  • while everyone else who do not participate in the network by synching and running a node don’t have to do anything

About Arnold Zafra

Arnold Zafra is a freelance tech blogger from the Philippines who is enthusiastic about cryptocurrency, decentralised apps and other emerging developments in the tech industry.

Ledger Nano S - The secure hardware wallet