Tech 7 June 2018

Cecille de Jesus

Another critical bug surfaces for Ethereum client Parity

The team clarifies that the issue has been resolved and that users should upgrade to the patched versions.

Last night, Ethereum client Parity disclosed in a security alert that they have discovered another critical bug, this time in their consensus contract.

“Examining the issues with our nodes on Ropsten, we have found out that there is a potential consensus-related issue between Parity Ethereum (up to versions 1.10.4-stable and 1.11.1-beta) and all other Ethereum clients,” they wrote.

“In the worst case, submitting a certain malformed transaction (coming from a 0xfff…fff address) to a mining Parity Ethereum node could have caused that node to produce a malformed block, which would still be treated as valid by other affected Parity Ethereum nodes.”

They add that it could lead to a chain split if the affected nodes held a majority of the hashpower, but the split chain would dissolve otherwise.

“In case of such affected nodes providing a majority of hashpower on the net, this could have led to chain split. (If the majority of the hashpower wouldn’t be controlled by the affected nodes, the “correct” chain would still be longer at all times, and the bad block would just be discarded.)”

According to Coindesk, roughly 30% of the Ethereum network use Parity, and that would have been the magnitude of damage.But according to Parity’s post, the issue has been fixed before any exploits could have been made, and they urge everyone to upgrade to their patched versions 1.10.6-stable and 1.11.3-beta.

Parity has been the subject of conversation for quite some time now, and not for good reasons. Late last year, an accidental kill code caused some multi-signature wallets, mostly from corporate accounts to be wiped of their code, leaving 513,000 ETH to be locked and inaccessible to their owners. Two months ago, Parity made it clear that they will not be instigating a fork to undo the mistake, and there is currently no definite solution to recovering the funds. Researchers classified this vulnerability as a greedy contract, and is only one of 34,200 at-risk contracts they found on Ethereum early this year.

Last month, they announced that they are issuing newly developed smart contract procedures and maintenance guidelines, and that they have hired Kirill Pimenov as their head of security. The announcement came with a statement:

“We founded Parity Technologies with the aspiration to write the best and safest software we can. We’ve learned a lot from our past mistakes,” they wrote. “Having users affected by software bugs is an experience we would not wish on anyone. We would like for our bugs to be a catalyst for more secure Ethereum development.”

Note: Tokens on the Bitcoin Core (SegWit) chain are referenced as BTC coins; tokens on the Bitcoin Cash ABC chain are referenced as BCH, BCH-ABC or BAB coins.

Bitcoin Satoshi Vision (BSV) is today the only Bitcoin project that follows the original Satoshi Nakamoto whitepaper, and that follows the original Satoshi protocol and design. BSV is the only public blockchain that maintains the original vision for Bitcoin and will massively scale to become the world’s new money and enterprise blockchain.

COMMENT

latest news

Blockchain analyst CipherBlade criticizes WSJ journalism, or lack thereof

Tech 22 March 2019

Blockchain analyst CipherBlade criticizes WSJ journalism, or lack thereof

CipherBlade, a blockchain investigation firm, has concluded that the Wall Street Journal (WSJ) has overstated its previous claims about the cryptocurrency exchange ShapeShift.

Read More
Unwriter announces Bottle, a Bitcoin browser

Tech 22 March 2019

Unwriter announces Bottle, a Bitcoin browser

Looking to find a way out of the world wide web, Unwriter has released Bottle, a new browser exclusively for the Bitcoin SV network.

Read More
Money Button CEO: How to upload large files to Bitcoin SV blockchain

Tech 22 March 2019

Money Button CEO: How to upload large files to Bitcoin SV blockchain

OP_Return has a 100KB upload limit, but Ryan X Charles will show you how you can upload much larger files with a new tool from Money Button.

Read More