Parity announces final Byzantium release

Parity has announced its final Byzantium release ahead of Ethereum hardfork
14 October 2017   2979

The second-largest provider of ethereum protocol software, Parity, has announced its final Byzantium release just days before Ethereum is to undergo a hardfork to upgrade its blockchain.

Thus, Parity's release was found to contain "consensus bugs" in the software that would force network nodes, the computers underlying the blockchain, to split onto a different version of the protocol.

As far as Parity is responsible for maintaining the software that runs nearly a quarter of the nodes on the Ethereum blockchain, the delay in releasing code caused panic and even led Ethereum's developer team to consider delaying the fork earlier today, as detailed by coindesk.com.

For now, it looks as though the Parity team has rescued the situation – Bzyandtium hardfork is scheduled for block 4,300,000 (about two days from now). Parity developer, Afri Schoedon, argues that although the client's team considered proposing a delay, it would be more complicated due to the work that's already been done in an attempt to execute it.

Pushing a fix for one client implementation is easier than pushing an update containing the delay for all clients, especially if this happens on such a short notice.
 

Afri Schoedon
Parity developer

According to the team, an announcement  that will include more details about testing and features is forthcoming.

Potentional Vulnerabilities Found in ETH 2.0

Least Authority have found potentional security issues in the network P2P interaction and block proposal system
26 March 2020   229

Technology security firm Least Authority, at the request of the Ethereum Foundation, conducted an audit of the Ethereum 2.0 specifications and identified several potential vulnerabilities at once.

Least Authority said that developers need to solve problems with vulnerabilities in the network layer of peer-to-peer (P2P) interaction, as well as in the block proposal system. At the same time, the auditor noted that the specifications are "very well thought out and competent."

However, at the moment there is no large ecosystem based on PoS and using sharding in the world, so it is impossible to accurately assess the prospects for system stability.
Also, information security experts emphasized that the specifications did not pay enough attention to the description of the P2P network level and the system of records about Ethereum nodes. Vulnerability risks are also observed in the block proposal system and the messaging system between nodes.

Experts said that in the blockchains running on PoS, the choice of a new block is simple and no one can predict who will get the new block. In PoS systems, it is the block proposal system that decides whose block will fall into the blockchain, and this leads to the risk of data leakage. To solve the problem, auditors suggested using the mechanism of "Single Secret Leader Election" (SSLE).

As for the peer-to-peer exchange system, there is a danger of spam. There is no centralized node in the system that would evaluate the actions of other nodes, so a “malicious" node can spam the entire network with various messages without any special punishment. The solution to this problem may be to use special protocols for exchanging messages between nodes.