The planned Ethereum upgrade called Constantinople has been postponed indefinitely after a critical vulnerability was discovered in one of its improvements, according to CoinDesk.
The vulnerability is in EIP-1283; according to the smart contract audit company ChainSecurity, which disclosed it, it gave hackers the ability to steal user funds.
During a Tuesday video conference attended by Ethereum developers as well as other clients and projects running on the network, it was decided to temporarily postpone activation of the hard fork.
In particular, the meeting was attended by Vitalik Buterin, developers Hudson Jameson, Nick Johnson and Evan Van Ness, and Parity release manager Afri Schoedon. Discussing the identified vulnerability, they agreed that it would be impossible to resolve it before the scheduled time of the hard fork (about 04:00 UTC on 17 January).
The vulnerability, known as a reentrancy attack, allows an attacker to call the same function multiple times and withdraw funds indefinitely.
“Imagine that my contract has a function that calls another project. If I am a hacker and can run this function while the previous one is still running, I get the ability to withdraw funds,” explained Joanes Espanol, CTO of the research firm CoinDesk.
According to him, this is reminiscent of the vulnerability that was discovered in The DAO in the summer of 2016.
ChainSecurity representatives also noted that before the Constantinople hard fork, a storage operation on the network cost 5000 units of gas, which is more than the 2300 units usually sent along when calling the “transfer” and “send” functions. After the upgrade, a “dirty” storage operation will cost 200 units of gas, so an attacking contract can use the 2300 units of gas to successfully manipulate the variables of vulnerable contracts.
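The gas arithmetic above can be followed in a small model. This is an added illustration, not code from ChainSecurity or the Ethereum project: a simplified Python simulation, not EVM code, in which the `Splitter` contract, its fields and the `run` helper are constructed for the example and only the 5000, 200 and 2300 gas figures come from the article. It also shows that a contract which fixes its amounts before making the external call pays out no more than the deposit under either pricing.

```python
STIPEND = 2300                                # gas sent with "transfer"/"send" (from the article)
SSTORE_GAS = {"before": 5000, "after": 200}   # storage write cost before/after the upgrade


class OutOfGas(Exception):
    """Raised when a call cannot pay for a storage write."""


class Splitter:
    """Constructed toy contract: splits a deposit between two payees."""

    def __init__(self, sstore_gas, snapshot_first):
        self.sstore_gas = sstore_gas
        self.snapshot_first = snapshot_first  # hardened: fix both amounts before any call
        self.split = 50                       # percent of the deposit owed to payee A
        self.deposit = 100

    def set_split(self, percent, gas):
        # A storage write: fails if the caller holds less gas than the write costs.
        if gas < self.sstore_gas:
            raise OutOfGas
        self.split = percent

    def pay_out(self, payee_code):
        first = self.deposit * self.split // 100
        second = self.deposit - first if self.snapshot_first else None
        payee_code(self, STIPEND)             # "transfer": payee A's code runs with the stipend
        if second is None:
            # Vulnerable ordering: state is read again after the external call.
            second = self.deposit * (100 - self.split) // 100
        return first + second


def run(pricing, snapshot_first):
    """Return the total paid out, or 'reverted' if the payee's code ran out of gas."""
    contract = Splitter(SSTORE_GAS[pricing], snapshot_first)
    try:
        # Payee code that writes to the contract's storage during the payout.
        return contract.pay_out(lambda c, gas: c.set_split(0, gas))
    except OutOfGas:
        return "reverted"


if __name__ == "__main__":
    for pricing in ("before", "after"):
        for hardened in (False, True):
            print(pricing, "hardened" if hardened else "vulnerable", run(pricing, hardened))
```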
A new date for the hard fork has not been determined.
As a reminder, Hudson Jameson, head of public relations at the Ethereum Foundation, said earlier that “cautious optimism” prevailed among developers on the eve of Constantinople.