Constantinople to be Postponed

Ethereum's hard fork is delayed after a critical vulnerability is found
16 January 2019

A scheduled upgrade of the Ethereum network called Constantinople was postponed indefinitely after a critical vulnerability was discovered in one of the improvements, CoinDesk reports.

The vulnerability is in EIP-1283 and, as identified by the smart contract audit company SmartSecurity, gave hackers the opportunity to steal user funds.

During a video conference on Tuesday with Ethereum developers and developers of other clients and projects working on the network, it was decided to temporarily postpone the activation of the hard fork.

In particular, Vitalik Buterin, developers Hudson Jameson, Nick Johnson and Evan Van Ness, as well as Parity release manager Afri Schoedon took part in the meeting. Discussing the revealed vulnerability, they agreed that it would be impossible to eliminate it before the time appointed for the hard fork (around 04:00 UTC on January 17).

The vulnerability enables what is called a reentrancy attack, which allows an attacker to repeatedly enter the same function and withdraw funds indefinitely.

Imagine that my contract has a function which makes a call to another contract… If I’m a hacker and I’m able to trigger function a while the previous function was still executing, I might be able to withdraw funds.
 

Joanes Espanol

CTO, blockchain analytics firm Amberdata

According to him, this is a lot like the vulnerabilities that were discovered in The DAO in the summer of 2016.

Representatives of ChainSecurity also noted that before the Constantinople hard fork, a storage operation on the network cost 5,000 units of gas, which exceeds the 2,300 gas usually sent when calling a contract with the “transfer” and “send” functions. After the upgrade, “dirty” storage operations will cost 200 units of gas, so an attacking contract can use the 2,300 gas to successfully manipulate the variables of vulnerable contracts.

A new date for the hard fork has not yet been determined.
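The gas argument above can be checked with a small model. The following Python code is an added example, not code from ChainSecurity or any Ethereum client; the `Splitter` contract, its methods and the recipient callback are hypothetical, only the three gas figures come from the article, and a failed callback is simply ignored rather than reverting the transaction.

```python
# Toy gas model of the issue described above (added example, not EVM code).
STIPEND = 2300       # gas forwarded by "transfer"/"send" (article's figure)
SSTORE_OLD = 5000    # storage write before Constantinople (article's figure)
SSTORE_DIRTY = 200   # "dirty" storage write after the upgrade (article's figure)


class OutOfGas(Exception):
    pass


class Reentered(Exception):
    pass


class Splitter:
    """Hypothetical contract: pays a recipient, then relies on `split` again."""

    def __init__(self, eip1283, guarded):
        self.eip1283, self.guarded = eip1283, guarded
        self.split = 50
        self.dirty = False    # True once `split` was written in this transaction
        self.locked = False   # reentrancy lock, enforced only when guarded

    def set_split(self, gas, value):
        if self.guarded and self.locked:
            raise Reentered()
        cost = SSTORE_DIRTY if (self.eip1283 and self.dirty) else SSTORE_OLD
        if cost > gas:
            raise OutOfGas()
        self.split, self.dirty = value, True

    def pay_out(self, recipient):
        before = self.split
        self.locked = True
        try:
            recipient(self, STIPEND)   # external call with only the stipend
        except (OutOfGas, Reentered):
            pass                       # the recipient's write did not happen
        finally:
            self.locked = False
        return before == self.split    # True if state survived the call intact


def state_intact(eip1283, guarded):
    c = Splitter(eip1283, guarded)
    c.set_split(100_000, 50)           # earlier write in the same tx: slot is dirty
    # Constructed recipient that tries to write back into the caller's storage.
    return c.pay_out(lambda contract, gas: contract.set_split(gas, 100))
```

With the old pricing the stipend alone blocks the write; with the 200-gas price only the explicit lock does, which is why contracts that relied on the stipend as their reentrancy protection were exposed.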

Quoine Found Guilty for Reversing B2C2's Deals

The Quoine exchange cancelled B2C2 transactions worth 3,085 BTC because their ETH-to-BTC exchange rate was 125 times higher than average
15 March 2019

The Singapore International Commercial Court has found Quoine guilty of canceling transactions by liquidity provider B2C2 worth 3,085 BTC, The Business Times reports.

According to the court, by canceling the transactions that B2C2 concluded at the “uncharacteristic” rate in April 2017, Quoine “violated the terms of the contract and did not comply with its obligations”.

B2C2 created seven orders for the sale of Ethereum at 10 bitcoins per unit, which was 125 times higher than the exchange rate set at that time.

The funds received were automatically credited to the B2C2 exchange account, and 308 ETH was withdrawn. The next day, Quoine rejected the deals, and the account balances were reset to the values they had before the deals were concluded.

B2C2 went to court to recover 3,085 BTC from Quoine, because under the terms of the contract the exchange “had no right to unilaterally cancel the transactions after their conclusion”.

However, the court, having recognized the exchange as guilty, did not agree with the amount of compensation, taking into account the “substantially increased” rate of Bitcoin since the claim was filed. The amount will be determined at the next hearing.

Note that at the time of the transactions 3,085 BTC amounted to $3.7 million; at the current exchange rate this amount would be almost $12 million.

Quoine representatives did not rule out that they would appeal this judgment.