As highlighted in the Ethereum Foundation’s announcement, EIP-1283 introduces cheaper gas costs for SSTORE operations, but some smart contracts already deployed on the chain may use code patterns that would make them vulnerable to a re-entrancy attack once the Constantinople upgrade takes place. These smart contracts are not vulnerable before the Constantinople upgrade.
An unexpected attack vector
This code is vulnerable in an unexpected way. The code simulates a secure treasury sharing service, where two parties can jointly receive funds, decide on how to split them, and receive a payout if they agree. Under the new gas costs, an attacker could empty such a smart contract by using a fallback function to keep siphoning funds to the attacker’s address until the contract is empty.
ChainSecurity underlined how damaging this bug could be:
“In short, the attacker just stole other people’s Ether out of the PaymentSharer contract and can continue to do so.”
The new attack vector is only possible because EIP-1283 introduces reduced gas fees for certain storage operations, meaning an attacker could have the right economic incentive to act maliciously.
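To make the code pattern described above concrete, here is an added Solidity illustration written for this article; it is not the PaymentSharer contract analysed by ChainSecurity, nor code from the original post, and the contract and function names are assumptions. The first contract shows the shape of the weakness (a storage value is read again after an external call, and the write that changes it becomes cheap enough under EIP-1283 to fit in the 2300-gas stipend that transfer() grants a recipient); the second shows a hardened version that reads state once before any external call and rejects re-entrant calls.

```solidity
pragma solidity ^0.5.0;

// Illustrative only: a simplified two-party treasury in the style the article
// describes. Names (SharedTreasuryVulnerable, updateSplit, ...) are assumptions.
contract SharedTreasuryVulnerable {
    mapping(uint => address payable) public first;
    mapping(uint => address payable) public second;
    mapping(uint => uint) public splits;   // percentage paid to `first`
    mapping(uint => uint) public deposits;

    function init(uint id, address payable a, address payable b) public {
        require(first[id] == address(0) && second[id] == address(0));
        first[id] = a;
        second[id] = b;
    }

    function deposit(uint id) public payable {
        deposits[id] += msg.value;
    }

    // Under EIP-1283 a second SSTORE to a slot already written in the same
    // transaction costs about 200 gas, so this call can succeed from inside
    // the 2300-gas stipend a recipient's fallback receives from transfer().
    function updateSplit(uint id, uint split) public {
        require(split <= 100);
        splits[id] = split;
    }

    function splitFunds(uint id) public {
        uint depo = deposits[id];
        deposits[id] = 0;
        // External call: a contract recipient's fallback runs here.
        first[id].transfer(depo * splits[id] / 100);
        // splits[id] is read from storage AGAIN; it may have been changed
        // during the call above, so `second` can receive more than agreed.
        second[id].transfer(depo * (100 - splits[id]) / 100);
    }
}

// Hardened version: same interface, two defensive changes.
contract SharedTreasuryHardened {
    mapping(uint => address payable) public first;
    mapping(uint => address payable) public second;
    mapping(uint => uint) public splits;
    mapping(uint => uint) public deposits;
    bool private locked;

    // Re-entrancy guard. The guard's own SSTORE happens in the outer call,
    // where gas is plentiful; a nested call hits the require and reverts.
    modifier noReentry() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    function init(uint id, address payable a, address payable b) public {
        require(first[id] == address(0) && second[id] == address(0));
        first[id] = a;
        second[id] = b;
    }

    function deposit(uint id) public payable {
        deposits[id] += msg.value;
    }

    function updateSplit(uint id, uint split) public noReentry {
        require(split <= 100);
        splits[id] = split;
    }

    // Checks-effects-interactions: all storage is read and updated before
    // the first external call, and the cached split is used for both payouts.
    function splitFunds(uint id) public noReentry {
        address payable a = first[id];
        address payable b = second[id];
        uint depo = deposits[id];
        uint split = splits[id];     // read once, before any external call
        deposits[id] = 0;
        a.transfer(depo * split / 100);
        b.transfer(depo * (100 - split) / 100);
    }
}
```

The cheaper SSTORE does not create the bug by itself; the underlying defect is re-reading state after an external call. Before Constantinople the stipend was simply too small for the re-entrant write to succeed, which is why the same contracts were safe and become exposed only after the gas change. Either fix alone (caching the split, or the guard) closes this particular path; using both is the usual practice.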
What happens now?
After receiving the analysis and discussing the findings internally, core Ethereum Foundation members met through a video call and decided to postpone Constantinople, according to an Ethereum Foundation blog post.
As there were certain known risks and not enough time to safely analyse all threats, a decision was reached to postpone the fork out of an abundance of caution.
The parties involved in the discussions included:
- Security researchers
- Ethereum stakeholders
- Ethereum client developers
- Smart contract owners / developers
- Wallet providers
- Node operators
- dApp developers
At the time of writing, no revised date has been set for the Constantinople upgrade to take place.
Let’s hope the Ethereum developer team can defuse the situation and get on with the roadmap, which has already been delayed a number of times.