Just when everybody was anticipating the implementation of Ethereum Constantinople, which is expected to deliver better Ethereum performance, it was suddenly announced that the implementation was postponed.
[SECURITY ALERT] #Constantinople upgrade is temporarily postponed out of caution following a consensus decision by #Ethereum developers, security professionals and other community members. More information and instructions are below. https://t.co/p2znO8HGxf
— Ethereum (@ethereum) January 15, 2019
The decision was reached after a discussion among Ethereum security researchers, stakeholders, client developers, smart contract owners, wallet providers, node operators, Dapp developers, and media. That being said, one can say that it was a “consensus decision” indeed. Or was it?
According to the Ethereum blog, the decision was made after the Ethereum Core Developers and the Ethereum Security Community were made aware of potential Constantinople-related issues that ChainSecurity identified on January 15, 2019. Ethereum is currently investigating these potential vulnerabilities and will inform the public as soon as it has further information.
According to ChainSecurity:
The upcoming Constantinople Upgrade for the ethereum network introduces cheaper gas cost for certain SSTORE operations. As an unwanted side effect, this enables reentrancy attacks when using address.transfer or address.send(…) in Solidity smart contracts. Previously these functions were considered reentrancy-safe, which they aren’t any longer.
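To see why the cheaper SSTORE matters for `transfer` and `send`, the added example below (not from ChainSecurity or the Ethereum blog) compares the cost of a single storage write before and after the repricing with the gas those calls forward. The constants are taken from EIP-1283 and the pre-Constantinople gas schedule, neither of which is cited in the article, and the sample cases are constructed.

```python
# Added illustration: SSTORE pricing before and after EIP-1283 (net gas
# metering) versus the gas that transfer()/send() forward to the recipient.
# Constants are from EIP-1283 and the legacy gas schedule, not from the article.

GAS_STIPEND = 2300       # gas available to the recipient of transfer()/send()
SSTORE_SET = 20000       # zero -> non-zero
SSTORE_RESET = 5000      # any other write (legacy) / clean non-zero slot (EIP-1283)
SSTORE_NET = 200         # EIP-1283: no-op write, or slot already modified in this tx


def sstore_cost_legacy(current, new):
    """Pre-Constantinople: the price depends only on current and new value."""
    return SSTORE_SET if current == 0 and new != 0 else SSTORE_RESET


def sstore_cost_eip1283(original, current, new):
    """EIP-1283: the price also depends on the slot's value at the start of the tx."""
    if current == new:
        return SSTORE_NET                      # no-op write
    if original == current:                    # clean slot, first change in this tx
        return SSTORE_SET if original == 0 else SSTORE_RESET
    return SSTORE_NET                          # dirty slot, changed earlier in this tx


def fits_in_stipend(cost):
    # Necessary condition only: the other opcodes in the callee also consume gas.
    return cost <= GAS_STIPEND


# Constructed cases: (label, original, current, new)
CASES = [
    ("clean zero slot set", 0, 0, 1),
    ("clean non-zero slot changed", 1, 1, 2),
    ("dirty slot changed again", 1, 2, 3),
    ("no-op write", 1, 1, 1),
]


def compare(cases=CASES):
    """Return (label, legacy_cost, legacy_fits, eip1283_cost, eip1283_fits) rows."""
    rows = []
    for label, original, current, new in cases:
        old = sstore_cost_legacy(current, new)
        net = sstore_cost_eip1283(original, current, new)
        rows.append((label, old, fits_in_stipend(old), net, fits_in_stipend(net)))
    return rows


if __name__ == "__main__":
    for row in compare():
        print("%-28s legacy=%5d fits=%-5s eip1283=%5d fits=%s" % row)
```

Under the legacy schedule no storage write fits in the forwarded gas, which is why these calls were treated as reentrancy-safe; under EIP-1283 a write to an already-modified slot does fit.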
Ethereum Constantinople, if launched, would have introduced a hard fork at block 7,080,000 on January 16, 2019. This would have required anyone running a node, such as operators, exchanges, miners, wallet services and others, to update to a new version of Geth or Parity before block 7,080,000.
In explaining further the reason behind the postponement, Ethereum said that security researchers such as ChainSecurity and TrailOfBits ran their analysis across the entire Ethereum blockchain. Although they did not find any cases of the vulnerability, they found that there is still a non-zero risk that some contracts may be affected. Because the time needed to determine the risk was longer than the time remaining before the planned Constantinople upgrade, it was decided to postpone the upgrade.
In the meantime, Ethereum is advising all concerned on the following courses of action, depending on their stake in Ethereum:
- miners, exchanges and node operators are advised to update their Geth and/or Parity instances when they are released;
- everyone else, who does not participate in the network by syncing and running a node, doesn’t have to do anything.