The Ethereum Constantinople upgrade could see yet another delay as a new bug relating to self-destructing smart contracts has surfaced.
Ethereum Foundation (EF) developer Jason Carver brought to light the function of a new feature called Create2, which would allow developers to replace self-destructed contracts and change the rules.
Self-destruct bug
Carver wrote: “You can construct a pretty innocuous contract pre-Constantinople, one that has two possible outcomes from a transaction: {‘contract exists’: ‘swap tokens’, ‘contract self-destructs’: ‘waste some gas’}. Post-Constantinople, the options could now become {‘contract exists’: ‘swap tokens’, ‘contract self-destructs’: ‘waste some gas’, ‘contract replaced’: ‘all ERC20 tokens that were pre-approved to the contract are stolen’}…”
He added: “There are ways around each of these ‘social attacks’, but most of them require education. That will surely lag behind the Constantinople upgrade itself.”
Maltin Holst Swende, who is another developer at the Ethereum Foundation, also offered his view on the debate by saying: “The corollary being, as previously, that if someone verified the source, he should have noticed the SELFDESTRUCT (without a due inactivity period) and avoid interacting with it.”
This suggests that if a user wanted to buy an asset on the Ethereum blockchain, a CryptoKitty for example, they would have to read through the contract to verify if it might contain a self-destruct code.
Original vulnerability found “by accident”
The Constantinople upgrade was originally delayed on January 16th after a vulnerability was found by ChainSecurity, who spoke exclusively to Coin Rivet in regards to the delay, claiming that they found the vulnerability “by accident.”
A date in late February was set to retry the upgrade. However, in light of the latest developments, it may be pushed back further into spring.
For more news, guides, and cryptocurrency analysis, click here.
Disclaimer: The views and opinions expressed by the author should not be considered as financial advice. We do not give advice on financial products.