January 16, 2019. Ethereum cancels the upcoming Constantinople Upgrade to its blockchain network because of new security issues that have been identified just in time before the planned hard fork would have occurred.
ChainSecurity, a smart contract audit firm has identified an issue with the Ethereum Improvement Proposal (EIP) no. 1283. This proposal, when implemented, will adjust gas cost for the SSTORE Operation Code. Someone can use the vulnerability to steal ether from the “paymentsharer” contract. This is made possible because of reduced gas cost:
“Before Constantinople, every storage operation would cost at least 5000 gas. This far exceeded the gas stipend of 2300 sent along when calling a contract using transfer or send.
After Constantinople, storage operations which are changing “dirty” storage slots cost only 200 gas.”
Because of this, key leaders around the Ethereum community decided to delay the Constantinople Hard Fork which is supposed to occur at block 7,080,00. Anyone can check the current block here.
Miners, exchanges, node operators, and wallet services are advised to update to a new version of Geth and/or Parity instances when they are released.
Everyone else who holds ether in their wallets, whether hardware, paper, or MyEtherWallets, since they do not actively participate in the network by syncing or running a node, there is no need to do anything.
At 3:09 am PT, the audit firm ChainSecurity disclosed the vulnerability on the Ethereum Foundation’s bug bounty program. The Ethereum Foundation asked ChainSecurity to disclose it to the public. Within the next 2 hours, members of the Ethereum Community, which comprises of client developers, stakeholders, wallet provides, node operators, Dapp developers, security researches, smart contract developers, and the media have discussed how to move forward. Because the amount of time needed to determine the risk of this vulnerability is longer than the number of hours before the planned Constantinople upgrade, the decision to postpone the fork has been reached.
In the Philippines, Coins.ph, which has a licensed Ethereum wallet service announced that they will not be halting ETH-related activities in the Coins PH app, a decision made since the Constantinople upgrade won’t be happening.
This article is originally published at BitPinas on January 16, 2019: Ethereum Constantinople Upgrade Delayed