The Parity team was able to identify a bug that could seriously harm the ecosystem of Ethereum. As reported by the developers, on 3 February they received several reports that an attacker could send a specially crafted RPC request to the public node Ethereum Parity, which would cause a failure of its work. This vulnerability was exposed to all versions up to 2.2.9-stable and 2.3.2-beta. In particular, we are talking about small number of nodes serving the JSONRPC, that is, Infura, MyEtherWallet, MyCrypto and other public infrastructure elements.

In future versions this bug is fixed. The team also recommend you to update your node to the latest versions immediately after their release.

The fix is out—please update your nodes ASAP. https://t.co/t2bJLNuyZV

While the vulnerability only directly affects Parity Ethereum nodes that serve JSONRPC as a public service (e.g., Infura, MEW, MyCrypto, etc), we recommend everyone to update their nodes immediately.

— Parity Technologies (@ParityTech) February 3, 2019

Writes Trustnodes, at the moment Infura serving billions of requests per day, or about 70 percent of all decentralized applications, Ethereum network. Yet information about have used anyone for this issue. Furthermore, even if this happens, it will only lead to stop the service and does not imply financial losses. However, when failures occur at nodes Infura some applications would become unavailable.

At this stage not entirely clear what caused the bug. Probably Infura can use the Parity nodes along with the Geth in case any of them fails. Of course, much damage could not occur, however, such a centralized concentration of applications in Infura makes you wonder about the weaknesses of the Ethereum ecosystem as a whole.

Users dApps, in turn, can use your own nodes, according to current statistics, the number of which is only reduced. With 30 thousand nodes as of 2017 is now considered active, only about 8 thousand.

Discuss current news and events on the Forum

Source