The developers of Ethereum Foundation reported a new bug in the upcoming launch of the network refresh Constantinople. As reported Trustnodes, discovered the vulnerability affects some smart contracts with the ability to self-destruct.
So, the function is called Create2 can replace the self-destruct smart contract, simultaneously changing the specified rules and can potentially result in the loss of funds.
“The destruction function will not be additional risk in the current Protocol version, but after upgrade code can be used to steal all the selected tokens smart contract”, — said the developer of Ethereum Foundation Jason Carver.
It is recommended that users carefully examine the code of the smart contract to determine whether it functions self-destruct without a proper period of inactivity and then not interact with it.
Among possible technical solutions to this problem, the developers propose to prescribe the functions Create2 additional protection against re-play.
It is expected that fixing the bug will not affect the activation date hard forks Constantinople, to be held between 26 and 28 February.
We will remind, in the middle of last months upgrade in Ethereum was postponed due to a critical vulnerability in the EIP-1283, which potentially allowed attackers to steal user funds.
Source
