Constantinople to be Postponed

Ethereum's hardfork will be late due to critical vulnerability found
16 January 2019   550

A scheduled upgrade of the Ethereum network called Constantinople was postponed indefinitely after a critical vulnerability was discovered in one of the improvements, CoinDesk reports.

This is a vulnerability in EIP-1283, which, as identified by the audit company SmartSecurity smart contracts, gave hackers the opportunity to steal user funds.

During a video conference on Tuesday with the participation of Ethereum developers and other clients and projects working on the network, it was decided to temporarily postpone the activation of the hard forks.

In particular, Vitaly Buterin, developers Hudson Jameson, Nick Johnson and Evan van Ness, as well as release manager of Parity Afri Shoedon took part in the meeting. Discussing the revealed vulnerability, they agreed that it would be impossible to eliminate it before the appointed time for hardfork (around 04:00 UTC on January 17).

A vulnerability, called a reentrancy attack, allows an attacker to repeatedly enter the same function and infinitely withdraw funds.

Imagine that my contract has a function which makes a call to another contract… If I’m a hacker and I’m able to trigger function a while the previous function was still executing, I might be able to withdraw funds.
 

Joanes Espanol

CTO, blockchain analytics firm Amberdata

According to him, this is a lot like the vulnerabilities that were discovered in The DAO in the summer of 2016.

Representatives of ChainSecurity also noted that up to the Constantinople hard fork, data storage on the network cost 5,000 units of gas, which exceeds the 2,300 gas usually needed to call the “transfer” and “send” functions. After the upgrade, “dirty” storage operations will cost 200 units of gas, and an attacking contract can use 2,300 gas to successfully manipulate the variables of vulnerable contracts.

New date of hardfork not yet determined.

Societe Generale to Issue ETH DLT Based Bonds

Societe Generale SFH used the OFH security token, based on Ethereum's public blockchain to issue secured bonds for 100 million euros
24 April 2019   96

French banking corporation Societe Generale Group issued bonds in the form of security tokens, using the public Ethereum blockchain.

On Tuesday, the company announced that its division Societe Generale SFH used the OFH token to issue secured bonds worth 100 million euros. According to the investor services of the rating agency Moody’s, Societe Generale turned out to be the “sole investor” of the financial instrument and did not involve any third-party participants in its purchase.

A bond is issued for a five-year term with a 12-month grace period. The security presented by a token gives its holder the same rights as that issued in traditional form.

Moody’s argues that the use of the blockchain can have a positive effect on the rating of a financial institution, in particular due to increased transparency and reduced likelihood of errors resulting from the difficulties and the number of intermediaries involved in the process of issuing secured bonds using traditional means.

PwC auditing company acted as a technology consultant for the project, while French law firm Gide Loyrette Nouel provided legal support.

Earlier this month, Societe Generale-owned private bank Kleinwort Hambros announced the creation of a exchange traded note, intended for investment in the blockchain industry.