ethereum hard fork

Bug Delays Ethereum Constantinople Upgrade yet Again

The release date of Ethereum’s Constantinople upgrade, which is set to enhance the Ethereum network massively, has been postponed several times. And yet again, we have heard the news that there will be another delay in the much-awaited upgrade due to a vulnerability uncovered during a planned change. The planned release date timing of the upgrade was originally scheduled for January 17, 2019 at 04:00 UTC.

During an on-call discussion between developers of clients, Ethereum developers, and projects running the network, the decision to delay the hard fork was taken collectively.

The stakeholders who arrived at the decision included developers Nick Johnson, Hudson Jameson, Evan Van Ness, Parity release manager Afri Schoedon, and last but not the least Ethereum founder Vitalik Buterin. The project’s team has said that the bug would take some time to be fixed, hence the delay could not be avoided.

The automated smart contract auditing platform, ChainSecurity recently revealed that the vulnerability has been found in the Ethereum Improvement Proposal (EIP) 1283. As per the revelation, the EIP 1283 can potentially give hackers access to the code. Such access could be used for stealing funds.

Joanes Espanol, the Chief Technology Officer of Blockchain analytics company Amberdata elaborated on the vulnerability explaining that the bug is rightly called the ‘reentrancy attack’ as it gives hackers access to the same function multiple times while the user is unaware. Consequently, hackers could withdraw funds continuously. The vulnerability brings to mind the infamous DAO attack which took place in the year 2016. Espanol said,

“Imagine that my contract has a function which makes a call to another contract… If I’m a hacker and I’m able to trigger function a while the previous function was still executing, I might be able to withdraw funds.”

Interestingly, the Constantinople upgrade was previously finalised for release in 2018. Thereafter, the project faced a delay after vulnerabilities were discovered while launching the upgrade on the Ropsten tesnet. With another delay on the cards, the launch of the Constantinople upgrade remains in the limbo. Let’s wait and watch to see if Ethereum makes any official announcement on the final launch date.