Two weeks before the new activation date in Ethereum updates Constantinople it again a vulnerability was discovered that after the upgrade of the network may affect some smart contracts, has the function of self-destruction. According to the developer of Ethereum Foundation Jason Carver (Jason Carver), vulnerability Create2 allows to replace part of the code that does not represent a risk in the current version of the Protocol, but after the introduction of Constantinople can be used to steal all the selected ERC20-tokens smart contract.
Developers looking for a way to protect users from this risk and re-charge, and at the moment as a temporary measure, Carver encouraged them not to interact with smart contracts, in which you’ll find a self-destruction function without a certain period of inactivity. However, he was not sure until February 27, the team Ethereum Foundation will be able to notify Create2 all potential victims.
Recall that the activation of Constantinople to take place on the block 7280000. Improvement EIP-1283, in which was discovered a vulnerability that caused the transfer of hard forks 36 hours before selected for this unit will be completely excluded from updates by using the fix, Petersburg. However “ice age” in Ethereum has brought the extract one block to 21 seconds and reduce daily emissions to a historic low of 13 000 ETH.
.
Source
