The hard fork software on ethereum’s most popular client Geth has been retracted due to a denial-of-service (DoS) attack vulnerability.
Ethereum’s Byzantium hard fork is expected to happen in less than two days.
On finding the bug, ethereum developers pushed a new software release, but data from blockchain analytics site Ether Nodes shows a relatively low rate – only 1.9 percent of Geth nodes – of adoption.
With Geth responsible for about 75 percent of ethereum nodes, this could mean a large portion of the ethereum blockchain will be vulnerable to DoS attacks after the hard fork.
Explained by ethereum developer Casey Detrio on Reddit, the vulnerability stems from an oversight in one of the new Byzantium features. The risk is that this vulnerability could be exploited by a malicious agent fixed on taking down ethereum nodes – the kind of attack to which ethereum is well familiar.
Yesterday, ethereum’s second largest software client Parity issued
a new release of its Byzantium hard fork software (the fourth iteration) that corrected a “consensus bug” – an error which could have caused the network to partition. Currently, less than 20 percent
of Parity nodes have updated to the new release.
Both Parity and Geth faults are being discovered via some last minute “fuzz testing” – a thorough testing process that can reveal even the tiniest weaknesses in code.
Hard forks are hard
The surprises unearthed by the tests have been of unexpected severity, leading ethereum developers to question their approach to the hard fork release process.
Internal discussions are also underway about the possibility of postponing Byzantium, but this also causes issues. Doing that would require all nodes update their software with a later block time, and there’s no assuring this can happen with such little time before the fork.
In spite of these concerns, the Parity developer team tweeted that the fork should be delayed.
Speaking to CoinDesk, Detrio explained that “updating is not necessarily a quick and easy process for users with extensive infrastructure,” such as exchanges or mining pools, and requires ample time to be done correctly.
“The second concern is that there may be more undiscovered consensus bugs that could be found after the activation block, which would then result in needing to perform emergency client updates.”
This article was first published by Rachel Rose O’Leary at Coindesk