The Ethereum Constantinople update has been postponed due to possible issues in EIP 1283 discovered by ChainSecurity, a smart contract auditing research company.
As highlighted in the Ethereum Foundation’s announcement, EIP-1283 introduces cheaper gas costs for SSTORE operations, but some smart contracts (that are already part of the chain) may utilise code patterns that would make them vulnerable to a re-entrancy attack after the Constantinople upgrade took place. These smart contracts would not have been vulnerable before the Constantinople upgrade.
This code is vulnerable in an unexpected way. The code simulates a secure treasury sharing service, where two parties can jointly receive funds, decide on how to split them, and receive a payout if they agree. By using certain functionality, an attacker could empty such a smart contract by using a fallback function to keep siphoning funds to the attacker’s address until the contract is empty.
ChainSecurity underlined how damaging this bug could be:
“In short, the attacker just stole other people’s Ether out of the PaymentSharer contract and can continue to do so.”
The new attack vector is only possible as EIP 1283 introduces reduced gas fees for certain storage operations, meaning an attacker could have the right economic incentive to act malicious.
After receiving the analysis and discussing the findings internally, core Ethereum Foundation members met through a video call and decided to postpone Constantinople, according to an Ethereum Foundation blog post.
As there were certain known risks and not enough time to safely analyse all threats, a decision was reached to postpone the fork out of an abundance of caution.
The parties involved in the discussions included:
At the time of writing, no revised date has been set for the Constantinople upgrade to take place.
Let’s hope the Ethereum developer team can defuse the situation and get on with the roadmap, which has already been delayed a number of times.
Las Vegas, US, 1st November 2024, Chainwire
From digital art to real-estate assets, NFTs have become a significant attraction for investors who…
Singapore, Singapore, 21st October 2024, Chainwire
HO CHI MINH, Vietnam, 17th October 2024, Chainwire
London, UK, 16th October 2024, Chainwire
Sinagpore, Singapore, 16th October 2024, Chainwire