Ethereum’s potentially devastating flaw in its Constantinople fork was discovered by accident during a training exercise, it has been revealed.
The huge altcoin had been lining up the critical upgrade for yesterday morning, but the plug was pulled with hours to spare when a small team of developers in Switzerland stumbled upon a crucial security issue.
Had the problem gone unnoticed, Ethereum’s much-anticipated upgrade would have been left wide open to the very cyber attacks that the update was designed to prevent.
However, according to a Coin Rivet article for the Daily Express, it was in a small office in Zurich where the flaw that nearly brought Ethereum to its knees was discovered during a training session on Tuesday.
Caught his eye
Staff at ChainSecurity were preparing examples of how auditing crypto technology can be beneficial when one of the company’s founders – Dr Hubert Ritzdorf – saw something in the programming that caught his eye.
“We were looking at Constantinople from an internal training point of view to show people what auditing can do,” explained his colleague Matthias Egli.
“Hubert just happened to come across the flaw quite randomly, which was very lucky for Ethereum as he happens to be one of the world’s best researchers in the security area.”
The tiny Swiss outfit flagged up the problem to the Ethereum Foundation which then mobilised its development team for an emergency meeting with multi-millionaire founder Vitalik Buterin.
“I was super impressed by their reaction – they immediately saw what was going on and brought more auditors in to verify our findings,” added Mr Egli.
“An hour or two later there were 50 people on a call and then, after some technical analysis, the decision was immediately made to delay Constantinople as the information was translated for clients around the world.
“It was an incredible response to witness and be a part of – I’ve seen how long it can take certain countries and businesses to reach consensus.”
Mr Egli – a hugely experienced developer in this space – also spoke of the excitement at witnessing how Vitalik Buterin and his team dealt with what was, potentially, a monumental disaster waiting to happen just hours before giving the green light to Constantinople.
“That’s the beautiful thing about this – we can talk easily with them, and Vitalik Buterin is very approachable about this,” he said.
“He actually mentioned that the reason for this happening was not the core Ethereum but the way Ethereum is used.
“He basically said we need to agree on what we’re going to change to keep it manageable, and after that the whole situation was just kept under control but happening with a really good speed.”
The issue discovered by Dr Ritzdorf related to a throwback from the June 2016 ‘DAO incident’ when a mysterious hacker stole $50m from Ethereum. To beef up security, Buterin’s developers forced through a handful of hard forks and an adjustment to the gas limits (Ethereum uses ‘gas’ as the execution fee for any operation conducted on its platform).
The defect uncovered in Zurich on Tuesday was connected to the gas limits and an underlying side effect of Constantinople which opened the crypto up to dangerous ‘re-entrancy’ attacks. Had the flaw not been found, and the upgrade gone ahead as planned yesterday, Ethereum would have been completely exposed to hackers.
Ethereum announced to the public on Wednesday that it would not be implementing Constantinople this week. It gave no indication of when the upgrade will be going ahead.