About the bug Constantinople was known in advance. The unexpected announcement of expert

On Wednesday, hardwork Ethereum Constantinople officially postponed indefinitely. The reason was the critical vulnerability found by a specialists ChainSecurity. According to experts in the field of security of cryptocurrency Sergio Damien Lerner, this bug was discussed on Coinspect a few months ago, it was known in advance. Sergio has over 15 thousand Twitter followers, many of whom are the developers of the Protocol. A reasonable question arises about why this error is not corrected at the right time.

We knew that some contracts will not be able to work on EIP1283. Then we even created a sample contract, which took into account the vulnerability. We were confident that the developers of Ethereum will take note of that.

Writes Trustnodes, Lerner also refers to a tweet that was published back in September.

Stop thinking that send () in Solidity protected from re-entry. This is not so. CALL on a lower level, without transfer of values can create a callback with the transfer of less than 2300 gas. Always use logical locks to protect from reentrancy.

Sergio notes that at the time they reported that Ethereum Foundation, because they were confident that the developers know about it.

I’m still sure that they should know. Why they decided to recheck the risk for 36 hours before the actual fork?

The answer to this question likely lies in the fact that a piece of code with this bug was added at the last minute. Recall that Constantinople was planned for mid-November, however, a bug in testate forced to postpone the launch.

The original Protocol EIP-1283 proposed in August 2018, but it was only adopted on 28 November 2018. That is, after the fork has been postponed due to the previous error, which had to be corrected, the developers have implemented a new code.

The developers of Metropolis declared a day off for the whole month of December. So now it is not clear whether there had been testing in that period. Acne Buterin himself said that the problem here lies in the “interaction” between different new features that are in the “cross-communication” do not show the behavior that they were expected to. More data look at cryptodata.

Subscribe to our channel in the Telegram. Here soon!

Leave a Reply

Your email address will not be published. Required fields are marked *