Cisco found many vulnerabilities in Ethereum's clients

According to Cisco's security experts, Ethereum network can face the risk of a simultaneous attack on all nodes immediately after the hardfork implementation
11 January 2018   1914

A division of the technology conglomerate Cisco Systems Inc. that specializes in cyberthreats has detected a number of vulnerabilities in the software of the Ethereum clients Parity and Ethereum C++ (CPP).

Cisco's experts concluded that incorrect handling of smart contracts that use the create2 opcode can trigger a DoS condition: an attacker can force the SHA1 function to process a huge amount of data.

Deployment of create2 on the Ethereum main network is planned for the second phase of the Metropolis hardfork, called Constantinople.

This vulnerability currently threatens only those nodes that already use the create2 opcode. Potentially, however, the Ethereum network could face a simultaneous attack on all nodes immediately after the hardfork is implemented, when create2 becomes enabled by default.

In addition, according to Cisco, an attacker can obtain confidential information, in the form of a smart contract address, as a result of a data leak in the Ethereum Virtual Machine (EVM).

The Parity Ethereum client is written in the Rust programming language and by default provides a JSON-RPC interface with a fairly "liberal" cross-domain request policy. If the interface's daemon is misconfigured, visiting a malicious site can lead to the leakage of confidential information. In addition, an attacker can gain access to Parity settings and network configuration.

Security specialists also note that many APIs in the CPP client's JSON-RPC interface implementation are exposed to malicious JSON requests, which can let an attacker gain administrative access to the restricted functionality of those APIs while bypassing authorization.

Notably, even the IP address converter remains unprotected against CSRF and SSRF attacks in this case.

A vulnerability in the JSON-RPC server implementation can also open the door to a DoS attack: because some APIs mishandle their input, an attacker can send a malformed JSON packet and thereby disrupt normal operation of the node.
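As an added illustration (not code from Cisco, Parity or the CPP client), the Python handler below shows the defensive checks that address the three JSON-RPC weaknesses described above: it echoes only allow-listed origins instead of a liberal cross-domain policy, answers malformed JSON with a JSON-RPC parse error instead of failing, and requires the node's own authorization for privileged methods. The origins, the public method list and the admin_/personal_ namespaces are constructed assumptions.

```python
import json

# Constructed configuration for illustration only (hypothetical values).
ALLOWED_ORIGINS = {"https://wallet.example"}              # dapp origin allowed to call the node
PUBLIC_METHODS = {"eth_blockNumber", "eth_getBalance", "net_version"}
ADMIN_PREFIXES = ("admin_", "personal_")                  # assumed privileged namespaces

PARSE_ERROR = -32700          # standard JSON-RPC 2.0 error codes
INVALID_REQUEST = -32600
METHOD_NOT_FOUND = -32601


def rpc_error(code, message, req_id=None):
    return {"jsonrpc": "2.0", "error": {"code": code, "message": message}, "id": req_id}


def handle_rpc(origin, body, authorized=False):
    """Return (http_status, headers, json_body) for one JSON-RPC request.

    origin:     value of the HTTP Origin header (None for non-browser clients)
    body:       raw request bytes
    authorized: True only when the caller passed the node's own authentication
    """
    headers = {"Content-Type": "application/json"}
    # 1. Cross-origin policy: reflect only an allow-listed origin, never "*".
    if origin is not None:
        if origin not in ALLOWED_ORIGINS:
            return 403, headers, rpc_error(INVALID_REQUEST, "origin not allowed")
        headers["Access-Control-Allow-Origin"] = origin
        headers["Vary"] = "Origin"
    # 2. Malformed input gets a parse error response instead of an unhandled
    #    exception that could take the handler down.
    try:
        req = json.loads(body)
    except ValueError:  # UnicodeDecodeError is a subclass of ValueError
        return 400, headers, rpc_error(PARSE_ERROR, "parse error")
    if not isinstance(req, dict) or not isinstance(req.get("method"), str):
        return 400, headers, rpc_error(INVALID_REQUEST, "invalid request")
    method, req_id = req["method"], req.get("id")
    # 3. Authorization: privileged namespaces need the node's auth regardless
    #    of origin; everything else must be on the public allow-list.
    if method.startswith(ADMIN_PREFIXES) and not authorized:
        return 401, headers, rpc_error(INVALID_REQUEST, "authorization required", req_id)
    if method not in PUBLIC_METHODS and not authorized:
        return 404, headers, rpc_error(METHOD_NOT_FOUND, "method not found", req_id)
    # Real dispatch to the node would go here; a fixed result stands in for it.
    return 200, headers, {"jsonrpc": "2.0", "result": "ok", "id": req_id}
```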

We Need 100k Transactions/Sec, - Buterin

During a conversation with the head of Abra, Vitalik noted that the developers are focused on several main issues - scalability, privacy and ease of use
21 March 2019   104

Ethereum founder Vitalik Buterin expressed the opinion that, in the long run, it is vital for the network of the second most capitalized cryptocurrency to achieve a throughput of 100 thousand transactions per second. This was reported by The Daily Hodl.

During a conversation with the head of Abra, Bill Barhydt, Vitalik noted that the developers are focused on several main issues - scalability, privacy and ease of use.

As far as the big problems, my top three at this point are probably scalability, privacy and usability. So scalability – the Ethereum blockchain right now can process 15 transactions per second. Really, we need 100,000.

Vitalik Buterin

Creator, Ethereum 

According to him, the Ethereum team's main hope for solving the scaling problem is sharding.

There are two major kinds of strategies that we’re working on for scalability. One is layer-one scaling and the other is layer-two scaling. Layer-one scaling basically means improving the blockchain protocol itself to process a larger set of transactions. And the main bottleneck with blockchains right now is basically every user has to download the whole blockchain. Which basically means the blockchain can’t hold more transactions than one guy’s computer can store.

And our solution to this, called sharding, basically means that you split up the different transactions to randomly selected, different groups of computers. And this basically means that the blockchain can process way more things than one single computer can hold. And that can increase scalability by maybe a factor of 1,000 or so, but then potentially even more, much later down the road.

Vitalik Buterin

Creator, Ethereum 

According to Vitalik, Ethereum developers also continue active work on layer-two scaling solutions.

So there’s two major classes of systems we’re working on in this regard. One is called state channels. And there’s a bunch of teams working on this. There’s a team called L4 in Toronto that’s done some really good work. And another project is Plasma. And there’s a lot of work that’s been done on that. OmiseGo is this decentralized exchange that’s building on plasma. There’s TheMatter. There’s more and more of these projects. And then, there’s one of our researchers, Karl Floersch, who has been working on implementation of a reasonably complete Plasma prime specification, which is the latest version of Plasma – which has some really cool features in terms of increasing scalability and reducing the amount of data you have to store.

Vitalik Buterin

Creator, Ethereum 

Discussing the scaling problem, Buterin also mentioned Bitcoin. According to him, developers must achieve a significant increase in the Ethereum network's throughput; otherwise the second-largest cryptocurrency by capitalization will not be widely used for everyday transactions, and a significant market share will remain with BTC.

If Bitcoin wishes to just be a store of value, then realistically it’s probably fine, though I think they should switch to proof-of-stake. If they want to actually be a currency that people use for transactions, then I do think base-layer scaling, and also speeding up the blockchain and reducing block times at the base layer, is also something which is very important.

Vitalik Buterin

Creator, Ethereum 

On the last day of winter, the Constantinople hardfork took place on the Ethereum network.