BitMEX Research flags bug in Ethereum Parity full node

Getting your Trinity Audio player ready...

Cryptocurrency trading platform BitMEX has uncovered a serious bug in the Ethereum Parity full node, with significant consequences for data integrity. The bug was revealed alongside an announcement that the platform had launched a new site dedicated to monitoring nodes on the Ethereum blockchain.

The site, known as NodeStats, connects to five Ethereum nodes every five seconds to provide up to the second metrics covering the computational resources being used by each node. Notably, the press release announcing the new site identified a bug in the Ethereum Parity full node, with an apparent 12-day delay to fully sync with the main chain. 

It stated, “While analysing some of the metrics, we may have identified issues with respect to the integrity of the data reported by the nodes, which may be of concern to some Ethereum users. Nodestats.org was produced in collaboration with TokenAnalyst, who are BitMEX Research’s Ethereum network data and analysis partner.”

According to the researchers behind the project, this suggests the system could be suffering from initial sync issues, identified as a possibly significant problem for the ethereum blockchain. For the time being however, the sync remains faster than the rate of blockchain growth.

“While the slow initial sync is a potential problem, at least for this system setup, the Ethereum network has not yet reached a point where the node cannot catch up, as the sync is faster than the rate of blockchain growth,” according to the report. However, the researchers note that this could present significant problems for the blockchain if growth was to outstrip sync speeds.

There is also the suggestion of data integrity issues, with the Parity full node reporting full synchronisation, despite discrepancies of often hundreds of thousands of blocks.

Suggesting the bug “could be severe,” BitMEX called for urgent action to resolve the issue, stating, “One could argue the impact of this potential bug could be severe in some limited circumstances if exploited by a bad actor in the right way. For instance, a user could accept an incoming payment or a smart contract execution as verified, while their node claims to be at the network chain tip.”