Constantinople hard fork delayed due to loophole
秦晓峰
2019-01-16 04:03

According to blog.ethereum, due to the discovery of a major security vulnerability in Ethereum Improvement Proposal (EIP) 1283, the Constantinople hard fork originally scheduled for block 7,080,000 has been postponed.

The new hard fork date will be determined during the next core developer conference call on Friday, said Evan Van Ness, founder of Week in Ethereum. Ethereum Core Developer Afri Schoedon

What should I do if a vulnerability occurs?

Regarding the handling of the EIP 1283 vulnerability, the Ethereum team also stated in a blog post that the Constantinople hard fork will be postponed, that is, the fork will not take place at block 7,080,000, and released the following guidance:

For nodes, miners, and exchanges that have already upgraded and synced, the client needs to be updated promptly once the new version of Geth or Parity is released. The new version is expected to be released within 3 to 4 hours of the blog post's publication. The specific plan is as follows:

  • Geth version: upgrade to Geth 1.8.21, or downgrade to Geth 1.8.19; if you want to stay on Geth 1.8.20, use the switch '--override.constantinople=9999999' to postpone the Constantinople fork indefinitely;

  • Parity Version: Upgrading to Parity Ethereum 2.2.7-stable or Parity Ethereum 2.3.0-beta is recommended; downgrading to Parity Ethereum 2.2.4-beta is not recommended.

For nodes, wallets, and token holders (network users) who have not yet upgraded, no action is required now.

What is the vulnerability?

At 0:00 Beijing time today, the smart contract audit company ChainSecurity published a report stating that there is a vulnerability in the Ethereum Constantinople code (EIP 1283) that could lead to a "reentrancy attack": attacking related contracts and modifying user balances or other critical variables.

Why do reentrancy attacks occur? ChainSecurity explains that before the fork, a storage operation costs at least 5000 gas, which is far more than the 2300 gas sent when using "transfer" or "send" to call a contract; after the fork, a storage operation costs only 200 gas, so the attacker can call some public functions and change required variables. For example, the attacker's contract can be called and, spending only 2300 gas, successfully change the variables of the vulnerable contract, including the account balance.

Of course, some conditions are required for the attack to be successful:

  • There must be a function A in which "transfer/send" is immediately followed by a state-changing operation, which is sometimes not obvious;

  • The attacker must have access to a function B that changes the state, and B's state change must conflict with that of function A;

  • Function B needs to be executable with less than 1600 gas (the 2300 gas stipend minus the 700 gas call fee).

ChainSecurity reminds everyone that contracts can be prevented from being attacked by checking the following aspects:

  • Check whether any operations follow the transfer event;

  • Check whether these operations change the storage state, most commonly by assigning to storage variables; work out which variables are modified and make a list;

  • Check whether any other methods in the contract that are accessible to non-admins use one of these variables;

  • Check whether those methods themselves alter the storage state.
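The attack conditions and the checklist above can be applied mechanically to a simplified model of a contract. The following is an added example, not code from ChainSecurity or the Ethereum clients; the contract, its function names and the write-only gas estimate are assumptions made for illustration.

```python
STIPEND, CALL_COST = 2300, 700                 # gas figures quoted in the article
SSTORE_PRE_FORK, SSTORE_POST_FORK = 5000, 200  # storage-write cost before/after the fork
BUDGET = STIPEND - CALL_COST                   # 1600 gas available to function B

# Constructed sample contract (hypothetical names); each step is (operation, variable).
CONTRACT = {
    "withdraw": {"admin_only": False,   # transfer followed by a storage write
                 "steps": [("sload", "deposits"), ("transfer", None), ("sstore", "deposits")]},
    "deposit":  {"admin_only": False,   # public method writing the same variable
                 "steps": [("sload", "deposits"), ("sstore", "deposits")]},
    "sweep":    {"admin_only": True,    # admin-only, so out of scope for the checklist
                 "steps": [("sstore", "deposits")]},
    "tip":      {"admin_only": False,   # state change happens before the transfer
                 "steps": [("sstore", "total"), ("transfer", None)]},
}


def vars_written_after_transfer(steps):
    """Checklist items 1-2: storage variables modified after a transfer/send."""
    seen_transfer, written = False, set()
    for op, var in steps:
        if op == "transfer":
            seen_transfer = True
        elif op == "sstore" and seen_transfer:
            written.add(var)
    return written


def audit(contract, sstore_cost):
    """Return (function A, function B, shared variables, B fits in the gas budget)."""
    findings = []
    for a_name, a in contract.items():
        at_risk = vars_written_after_transfer(a["steps"])
        for b_name, b in contract.items():
            if b_name == a_name or b["admin_only"]:
                continue
            b_writes = [var for op, var in b["steps"] if op == "sstore"]
            shared = at_risk & set(b_writes)   # items 3-4: B alters a variable A relies on
            if shared:
                # Simplification: only storage writes are counted towards B's gas use.
                fits = len(b_writes) * sstore_cost < BUDGET
                findings.append((a_name, b_name, sorted(shared), fits))
    return findings


if __name__ == "__main__":
    for label, cost in (("pre-fork", SSTORE_PRE_FORK), ("post-fork", SSTORE_POST_FORK)):
        print(label, audit(CONTRACT, cost))
```

The same function pair is reported under both gas schedules, but only the post-fork cost lets the second function's storage write fit inside the 1600 gas budget, which is why a pattern that was safe before the fork becomes a finding after it.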


When will the bug reoccur?

The reentrancy attack in EIP 1283 has appeared many times in the development history of Ethereum and is a chronic problem.

"In fact, this attack method has been well-known in Ethereum for a long time. I don't believe that the Ethereum community has not considered this issue." Hu Jingyu, an Ethereum researcher, told Odaily.

The most damaging reentrancy attack was The DAO contract vulnerability incident. At that time, hackers used loopholes in The DAO contract to transfer more than 40 million dollars worth of Ethereum (ETH). To recover the funds, the Ethereum community decided to carry out a soft fork and a hard fork. As a result, the community split: some chose to stay on the original chain (now ETC), and some chose to move to the new fork chain (ETH).

According to Hu Jingyu, in order to facilitate some logical operations, Ethereum smart contracts kept the "transfer()" and "send()" call methods, which also left a security risk for developers. "But as long as developers know that there is such a security risk, they can ensure security by making more logical judgments when writing code."

As for whether the hard fork upgrade will be carried out next Monday, Hu Jingyu said that the specific time for the hard fork upgrade should still be undecided, because the Ethereum team has not yet assessed the specific risks and formulated a solution.
