Ethereum’s Constantinople Upgrade is Delayed Due to the Potential Vulnerability

The news broke out on January 15th, revealing that the long-anticipated Ethereum Constantinople, also dubbed Ethereum Improvement Proposal (EIP) 1283, is delayed. The delay was a result of the publication from the security research team from ChainSecurity, which explicitly described the programming flaw which could be exploited to steal users’ Ether (ETH) out of the PaymentSharer contract.

Reentry attack possibility

The possible attack is called “reentrancy”. This vulnerability makes it possible for an attacker to “reenter” the same function multiple times without revealing it to users. This would allow the attacker to withdraw funds endlessly.

“Imagine that my contract has a function which makes a call to another contract,” CTO of blockchain analytics firm Amberdata, Joanes Espanol, explained, and continued: “If I’m a hacker and I’m able to trigger function while the previous function was still executing, I might be able to withdraw funds.”

“Out of an abundance of caution, key stakeholders around the Ethereum community have determined that the best course of action will be to delay the planned Constantinople fork that would have occurred at block 7,080,000 on January 16, 2019,” stated the announcement on the Ethereum Blog, published the same day, just four hours after ChainSecurity’s vulnerability report.

Update nodes and wait for the decision

The Ethereum Foundation informed everybody who only interacts with the Ethereum network, without running a node, do not have to take any steps, while miners, exchanges, and other node operators need to update Geth and/or Parity instances as they are officially released.

Afri Schoedon, the hard fork coordinator at Ethereum, revealed that further steps will be decided in the all-core-developers’ meeting on Friday. According to him, the Constantinople upgrade will surely not take place this week.

It is important to mention that the same day that postponement became a reality, it was also revealed that just three days before the fork, only 16% of nodes were upgraded and ready for the implementation of the new Constantinople network rules.

The situation was recognized as a “huge problem” by The Ethereum Foundation co-founder Taylor Gerring.

Constantinople upgrade

Constantinople is a system-wide, backward-incompatible upgrade of the Ethereum network, focused on optimizing the network, increasing efficiency and reducing transaction fees. It can be viewed as the second phase of the Metropolis hard fork.

The first phase, Byzantium, took place in October 2017, when developers implemented upgrades on the network to lay down foundations for upcoming changes.

This is not the first time that Constantinople was postponed. The upgrade should have taken place in November last year, but was delayed due to the issues found while launching the upgrades on the Ropsten testnet.

The market is quick to react

As a result of the upgrade delay, the price of Ether (ETH) suffered a heavy blow as it immediately took a 7% slide towards $119.