DoS Vector Discovered In Ethereum Constantinople: Release Is DelayedOct 7, 2018, 8:17AM
Ethereum's next update has been rescheduled due to the possibility of a denial-of-service attack. Who will be affected as the devs fix the issue?
Ethereum’s Constantinople hard fork, which was scheduled to be tested early next week, has been delayed due to a denial-of-service attack. The Ethereum core dev community has decided to postpone Constantinople’s release on the Ropsten testnet by five days, moving the date from October 9 to October 14.
Peter Szilagyi broke the news, explaining that the Ethereum Virtual Machine (EVM) contains a bug that would allow denial-of-service (DoS) attacks. The bug would have allowed attackers to force clients to repeatedly hash large amounts of code, rendering the clients non-functional.
Via community decision, we've delayed the #Ethereum Ropsten testnet Constantinople hard fork by 1 epoch to block #4230000 (+5 days) to allow clients to implement, test and release an update to CREATE2, countering a recently found EVM DoS attack vector.https://t.co/q0bUyj3GfR— Péter Szilágyi (@peter_szilagyi) October 4, 2018
The decision to delay Constantinople concerns the Ropsten testnet, which is meant to catch problems such as this before they affect a public release on the mainnet. Nevertheless, the DoS bug could break the testnet and in turn distract other testing efforts. As core developer, Alexey Akhunov explains,
If there are tests you can run on the clients before going into the testnet, you should run them first.
Although testing does not directly affect users on the mainnet, core developers are working under pressure from external dApp and smart contract developers who do rely on a stable testnet. As one core developer notes,
We might say it’s acceptable to break a test network, but plenty of devs think of it as a place to test their contracts. / Jason Carver
Decentralized applications are a central part of Ethereum’s appeal, and Ethereum is already in a tight spot due to a vast array of competing platforms with improved features. As such, satisfying the needs of app developers is crucial, even before Constantinople’s mainnet release reaches the public.
Disclaimer: information contained herein is provided without considering your personal circumstances, therefore should not be construed as financial advice, investment recommendation or an offer of, or solicitation for, any transactions in cryptocurrencies.