Constantinople Hardfork Code to be Included in Geth

Go-ethereum (Geth) v1.8.20 assumes that hardfork in the main Ethereum network will take place at block 7,080,000 (approx. between 14th - 19th Jan 2019)
13 December 2018   376

Developers of Geth, one of the most popular clients of Ethereum, presented a new version of the software with the included code of the upcoming hard fork Constantinople.

Go-ethereum (Geth) v1.8.20 assumes that hardfork in the main Ethereum network will take place at block 7,080,000.

Consensus regarding the block number for activating hard forks was reached last week during a regular video conference of leading Ethereum developers. According to Afri Shedona, release manager of another popular client of the network Parity, a block of 7,080,000 will be mined between January 14 and 18, 2019.

At the same time, Ethereum Foundation’s head of security noted that the new version of the go-ethereum client would contain a kind of “emergency switch” that would postpone the upgrade if something went wrong.

Originally scheduled for November, the Constantinople contains a number of changes and code optimizations designed to ease the transition to the Proof-of-Stake algorithm. In particular, they include the transfer by 18 months of the so-called “bomb of complexity”, which contributes to timely upgrades, and also suggests a decrease in the reward to miners from 3 to 2 ETH for the mined block.

Constantinople to be Postponed

Ethereum's hardfork will be late due to critical vulnerability found
16 January 2019   196

A scheduled upgrade of the Ethereum network called Constantinople was postponed indefinitely after a critical vulnerability was discovered in one of the improvements, CoinDesk reports.

This is a vulnerability in EIP-1283, which, as identified by the audit company SmartSecurity smart contracts, gave hackers the opportunity to steal user funds.

During a video conference on Tuesday with the participation of Ethereum developers and other clients and projects working on the network, it was decided to temporarily postpone the activation of the hard forks.

In particular, Vitaly Buterin, developers Hudson Jameson, Nick Johnson and Evan van Ness, as well as release manager of Parity Afri Shoedon took part in the meeting. Discussing the revealed vulnerability, they agreed that it would be impossible to eliminate it before the appointed time for hardfork (around 04:00 UTC on January 17).

A vulnerability, called a reentrancy attack, allows an attacker to repeatedly enter the same function and infinitely withdraw funds.

Imagine that my contract has a function which makes a call to another contract… If I’m a hacker and I’m able to trigger function a while the previous function was still executing, I might be able to withdraw funds.
 

Joanes Espanol

CTO, blockchain analytics firm Amberdata

According to him, this is a lot like the vulnerabilities that were discovered in The DAO in the summer of 2016.

Representatives of ChainSecurity also noted that up to the Constantinople hard fork, data storage on the network cost 5,000 units of gas, which exceeds the 2,300 gas usually needed to call the “transfer” and “send” functions. After the upgrade, “dirty” storage operations will cost 200 units of gas, and an attacking contract can use 2,300 gas to successfully manipulate the variables of vulnerable contracts.

New date of hardfork not yet determined.