Ethereum Constantinople Upgrade Postponed Due to Security Concerns

At 12:08 PT on Tuesday, 15 January 2019, a decision was made to delay the Constantinople upgrade/fork for the Ethereum network, originally scheduled for 4pm UTC, Thursday, 17 January 2019. A post from EvanVanNess, Infura, MyCrypto, Parity, Status, The Ethereum Foundation, and the Ethereum Cat Herders, assembled by Hudson Jameson, broke down their reasoning and the steps toward a pause in momentum.

Security Alert: Ethereum Constantinople Postponement

“The Ethereum Core Developers and the Ethereum Security Community were made aware of the potential Constantinople-related issues identified by ChainSecurity on January 15, 2019,” Hudson Jameson began. “We are investigating any potential vulnerabilities and will follow with updates in this blog post and across social media channels.”

The watchword during a fork as potentially momentous as Constantinople is caution. And so it is that the planned fork is being delayed. “This will require anyone running a node (node operators, exchanges, miners, wallet services, etc…) to update to a new version of Geth or Parity before block 7,080,000,” the alert continued. “Block 7,080,000 will occur in approximately 32 hours from the time of this publishing or at approximately January 16, 8:00pm PT / January 16, 11:00pm ET / January 17, 4:00am GMT.”

Those who do not run a node are largely unaffected. Exchanges such as Poloniex tweeted in response, “ETH, USDC, and all other ERC-20 wallets have been disabled. We are reverting the Constantinople updates, and we will re-enable these wallets shortly. Your funds are safe, and there is nothing you need to do at this time.”

The formal alert by the Ethereum community urges node operators, miners, and exchanges to “Update your Geth and/or Parity instances when they are released. These releases are not released yet. We will update this post when they are available. Links and version numbers and instructions will be provided here when they are available. We expect to have updated releases in 3-4 hours from the time this blog is published,” which would place them at around 5:30pm-ish PT.

Non-Zero Risk

For “Ledger, Trezor, Safe-T, Parity Signer, WallEth, Paper Wallets, MyCrypto, MyEtherWallet and other users or token holders that do not participate in the network by syncing and running a node. You do not have to do anything,” they stressed. “Contract owners: You do not have to do anything. You may choose to examine the analysis of the potential vulnerability and check your contracts. However, you do not have to do anything as the change that would introduce this potential vulnerability will not be enabled.”

The post also summarizes ChainSecurity’s concerns, noting, “EIP-1283 introduces cheaper gas cost for SSTORE operations. Some smart contracts (that are already on chain) may utilize code patterns that would make them vulnerable to a re-entrancy attack after the Constantinople upgrade took place. These smart contracts would not have been vulnerable before the Constantinople upgrade.”
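To make the quoted concern concrete, the following added example (not code from the alert, ChainSecurity, or any Ethereum client) compares SSTORE pricing before Constantinople with EIP-1283's net gas metering and flags which writes newly fit inside a fixed call stipend. The gas constants and the 2300-gas stipend forwarded by Solidity's `transfer()`/`send()` come from the EIP-1283 specification and EVM rules rather than from this article; the slot states are constructed, and refund accounting is left out.

```python
CALL_STIPEND = 2300  # gas a Solidity transfer()/send() forwards to the callee

def sstore_gas_legacy(current, new):
    """Pre-Constantinople SSTORE cost: looks only at current and new value."""
    return 20000 if (current == 0 and new != 0) else 5000

def sstore_gas_eip1283(original, current, new):
    """EIP-1283 net gas metering (refund counter omitted).
    original = slot value at the start of the transaction."""
    if current == new:            # no-op write
        return 200
    if original == current:       # clean slot: first change in this transaction
        return 20000 if original == 0 else 5000
    return 200                    # dirty slot: already changed in this transaction

# Constructed slot states: (label, original, current, new)
SCENARIOS = [
    ("clean zero slot -> nonzero",  0, 0, 1),
    ("clean nonzero slot -> other", 1, 1, 2),
    ("dirty slot written again",    1, 2, 3),
    ("no-op write of same value",   1, 1, 1),
]

def stipend_audit(scenarios=SCENARIOS):
    """Return rows (label, legacy_cost, eip1283_cost, newly_affordable).
    newly_affordable is True when the write did not fit in the stipend
    under the old rule but does under EIP-1283."""
    rows = []
    for label, original, current, new in scenarios:
        old = sstore_gas_legacy(current, new)
        net = sstore_gas_eip1283(original, current, new)
        newly = old > CALL_STIPEND and net <= CALL_STIPEND
        rows.append((label, old, net, newly))
    return rows

if __name__ == "__main__":
    for row in stipend_audit():
        print("%-28s legacy=%5d eip1283=%5d newly_within_stipend=%s" % row)
```

Contracts that treated the stipend as too small for any state change are the ones whose assumptions the last two rows break, which is why a contract review would focus on storage slots written both before and after an external call in the same transaction.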

Researchers are still running blockchain analysis and, as of yet, have not found real-life vulnerabilities. But, again, with caution comes the non-zero risk standard, especially with billions of dollars on the line.
