Tech 7 June 2018 Cecille de Jesus
Another critical bug surfaces for Ethereum client Parity
The team clarifies that the issue has been resolved and that users should upgrade to the patched versions.
Last night, Ethereum client Parity disclosed in a security alert that they had discovered another critical bug, this time in their consensus contract.
“Examining the issues with our nodes on Ropsten, we have found out that there is a potential consensus-related issue between Parity Ethereum (up to versions 1.10.4-stable and 1.11.1-beta) and all other Ethereum clients,” they wrote.
“In the worst case, submitting a certain malformed transaction (coming from a 0xfff…fff address) to a mining Parity Ethereum node could have caused that node to produce a malformed block, which would still be treated as valid by other affected Parity Ethereum nodes.”
They add that it could lead to a chain split if the affected nodes held a majority of the hashpower, but the split chain would dissolve otherwise.
“In case of such affected nodes providing a majority of hashpower on the net, this could have led to chain split. (If the majority of the hashpower wouldn’t be controlled by the affected nodes, the “correct” chain would still be longer at all times, and the bad block would just be discarded.)”
According to Coindesk, roughly 30% of the Ethereum network uses Parity, and that would have been the magnitude of damage. But according to Parity’s post, the issue was fixed before any exploits could be made, and they urge everyone to upgrade to their patched versions 1.10.6-stable and 1.11.3-beta.
Parity has been the subject of conversation for quite some time now, and not for good reasons. Late last year, an accidental kill code caused some multi-signature wallets, mostly from corporate accounts, to be wiped of their code, leaving 513,000 ETH locked and inaccessible to their owners. Two months ago, Parity made it clear that they will not be instigating a fork to undo the mistake, and there is currently no definite solution for recovering the funds. Researchers classified this vulnerability as a greedy contract, and it is only one of 34,200 at-risk contracts they found on Ethereum early this year.
Last month, they announced that they are issuing newly developed smart contract procedures and maintenance guidelines, and that they have hired Kirill Pimenov as their head of security. The announcement came with a statement:
“We founded Parity Technologies with the aspiration to write the best and safest software we can. We’ve learned a lot from our past mistakes,” they wrote. “Having users affected by software bugs is an experience we would not wish on anyone. We would like for our bugs to be a catalyst for more secure Ethereum development.”