Tech 7 June 2018 Cecille de Jesus
Another critical bug surfaces for Ethereum client Parity
The team clarifies that the issue has been resolved and that users should upgrade to the patched versions.
Last night, Ethereum client Parity disclosed in a security alert that they have discovered another critical bug, this time in their consensus contract.
“Examining the issues with our nodes on Ropsten, we have found out that there is a potential consensus-related issue between Parity Ethereum (up to versions 1.10.4-stable and 1.11.1-beta) and all other Ethereum clients,” they wrote.
“In the worst case, submitting a certain malformed transaction (coming from a 0xfff…fff address) to a mining Parity Ethereum node could have caused that node to produce a malformed block, which would still be treated as valid by other affected Parity Ethereum nodes.”
They add that it could lead to a chain split if the affected nodes held a majority of the hashpower, but the split chain would dissolve otherwise.
“In case of such affected nodes providing a majority of hashpower on the net, this could have led to chain split. (If the majority of the hashpower wouldn’t be controlled by the affected nodes, the “correct” chain would still be longer at all times, and the bad block would just be discarded.)”
According to Coindesk, roughly 30% of the Ethereum network uses Parity, and that would have been the magnitude of damage. But according to Parity’s post, the issue was fixed before any exploits could be made, and they urge everyone to upgrade to their patched versions 1.10.6-stable and 1.11.3-beta.
Parity has been the subject of conversation for quite some time now, and not for good reasons. Late last year, an accidental kill code caused some multi-signature wallets, mostly from corporate accounts, to be wiped of their code, leaving 513,000 ETH locked and inaccessible to their owners. Two months ago, Parity made it clear that they will not be instigating a fork to undo the mistake, and there is currently no definite solution for recovering the funds. Researchers classified this vulnerability as a greedy contract, and it is only one of 34,200 at-risk contracts they found on Ethereum early this year.
Last month, they announced that they are issuing newly developed smart contract procedures and maintenance guidelines, and that they have hired Kirill Pimenov as their head of security. The announcement came with a statement:
“We founded Parity Technologies with the aspiration to write the best and safest software we can. We’ve learned a lot from our past mistakes,” they wrote. “Having users affected by software bugs is an experience we would not wish on anyone. We would like for our bugs to be a catalyst for more secure Ethereum development.”