Ethereum’s upcoming hard fork, codenamed ‘Constantinople,’ has been delayed once again due to the discovery of a new security vulnerability. The issue was revealed on Tuesday by Chainsecurity, a company that is responsible for auditing Ethereum’s smart contracts. What risks did the bug introduce, and when will Constantinople finally be released?
The Bug In Detail
According to Chainsecurity, the vulnerability would have permitted malicious actors to carry out “reentrancy attacks,” allowing them to use a function repeatedly and withdraw funds continuously. This strategy is well known: reentrancy attacks were previously used in the infamous DAO attack of 2016.
That attack was one one of the largest crypto attacks of all time, making reentrancy a potentially serious issue. However, this reentrancy bug relies on the fact that Constantinople will reduce the gas cost of smart contract storage operations, meaning that the bug is not currently a problem on the main Ethereum blockchain.
Chainsecurity states that it has scanned the Ethereum mainnet and found no vulnerabilities. However, the company is digging more deeply and has noted that the bug poses a potential risk to decentralized exchanges. Fortunately, those bugs are currently unexploitable, but Chainsecurity is nevertheless urging “careful analysis” of smart contracts.
Suggested Reading : Learn how to protect your MIOTA.
Constantinople Constantly Delayed
Ethereum’s Constantinople hard fork was originally scheduled for late 2018. However, a number of issues pushed the upgrade back significantly. In early October, Constantinople was delayed for the first time by the discovery of a denial-of-service (DOS) attack vector. That delay was compounded by a testnet consensus problem that occurred a few weeks later.
Since November, Constantinople has been scheduled for mid-January, making the new reentrancy bug a last-minute discovery. It’s not clear if the bug’s discovery is merely bad timing, or if testing efforts became more rigorous leading up to the hard fork date. In any case, developers will be scheduling a new date on Friday, January 18th.
When Constantinople is eventually released, it will bring a number of important changes to Ethereum, including scalability improvements and new developer features. Most importantly, Constantinople will reduce mining rewards to pave the way for staking. This has caused minor controversy, but will probably not impede the upgrade when it is finally executed.