The long-awaited Ethereum Constantinople hard fork faces a delay after the discovery of a critical vulnerability in one of the planned changes. ChainSecurity, a smart contract audit firm, flagged the vulnerability on Tuesday. The firm noted that if Ethereum Improvement Proposal (EIP) 1283 is implemented, attackers will likely find a loophole in the code for siphoning off user funds.
All the developers and stakeholders involved in the Ethereum (ETH) Constantinople hard fork agreed to delay the upgrade temporarily. In the meantime, they will assess the issue.
Some of the participants in the call who called off the Constantinople upgrade of Ethereum included:
- Vitalik Buterin (the famous creator of Ethereum)
- Hudson Jameson (developer)
- Nick Johnson (developer)
- Evan Van Ness (developer)
- Afri Schoedon (the Parity release manager)
Reports say the new date for the Ethereum Constantinople hard fork will be decided on Friday during another Ethereum dev call.
How Did They Reach the Decision to Delay the Ethereum Constantinople Hard Fork?
Core developers of the project decided to delay the long-awaited network upgrade after discussing the vulnerability online. They acknowledged that the bug would need a significant amount of time to fix. As the time needed for the fix would easily run past the designated execution time of the hard fork (January 17, 2019, 04:00 UTC), the core developers decided to stop the hard fork for now.
What Was the Vulnerability That Led to the Delay of the Ethereum Constantinople Upgrade?
Joanes Espanol, CTO of blockchain analytics firm Amberdata, said that the reentrancy attack vulnerability allows attackers to reenter the same function repeatedly without needing to update the user about the current state of affairs. Therefore, an attacker can withdraw funds forever. He went on to explain:
“Imagine that my contract has a function which makes a call to another contract… If I’m a hacker and I’m able to trigger function a while the previous function was still executing, I might be able to withdraw funds.”
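The reentrancy pattern described above, as an added example that is not from the article, ChainSecurity, or any Ethereum code: a simplified Python model (not EVM code) of a withdraw function in its vulnerable order next to the hardened order that updates state before the external call. The `Vault` class, the account names, and the amounts are hypothetical, and the gas-cost details of EIP-1283 are not modelled.

```python
class Vault:
    """Toy ledger; on_receive stands in for the external call made on payout."""

    def __init__(self, deposits, safe):
        self.balances = dict(deposits)        # credited balance per user
        self.funds = sum(deposits.values())   # total held by the contract
        self.safe = safe                      # True = hardened ordering

    def withdraw(self, user, on_receive):
        amount = self.balances.get(user, 0)
        if amount == 0 or self.funds < amount:
            return
        if self.safe:
            # Hardened: record the withdrawal first, then call out.
            self.balances[user] = 0
            self.funds -= amount
            on_receive(amount)
        else:
            # Vulnerable: the external call runs while the balance is stale.
            self.funds -= amount
            on_receive(amount)
            self.balances[user] = 0


def run(safe):
    """Return (amount received by the caller, funds left in the vault)."""
    # Constructed sample state: three users with 10 units each.
    vault = Vault({"alice": 10, "bob": 10, "mallory": 10}, safe)
    received = []

    def callback(amount):
        received.append(amount)
        # Re-enter withdraw before the outer call has finished.
        vault.withdraw("mallory", callback)

    vault.withdraw("mallory", callback)
    return sum(received), vault.funds


if __name__ == "__main__":
    print("vulnerable:", run(safe=False))
    print("hardened:  ", run(safe=True))
```

In the vulnerable ordering the caller's 10-unit balance pays out until the vault is empty; with the state update moved ahead of the call, the nested withdraw sees a zero balance and returns.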