Parity announces final Byzantium release

Parity has announced its final Byzantium release ahead of Ethereum hardfork
14 October 2017   1945

The second-largest provider of ethereum protocol software, Parity, has announced its final Byzantium release just days before Ethereum is to undergo a hardfork to upgrade its blockchain.

Thus, Parity's release was found to contain "consensus bugs" in the software that would force network nodes, the computers underlying the blockchain, to split onto a different version of the protocol.

As far as Parity is responsible for maintaining the software that runs nearly a quarter of the nodes on the Ethereum blockchain, the delay in releasing code caused panic and even led Ethereum's developer team to consider delaying the fork earlier today, as detailed by coindesk.com.

For now, it looks as though the Parity team has rescued the situation – Bzyandtium hardfork is scheduled for block 4,300,000 (about two days from now). Parity developer, Afri Schoedon, argues that although the client's team considered proposing a delay, it would be more complicated due to the work that's already been done in an attempt to execute it.

Pushing a fix for one client implementation is easier than pushing an update containing the delay for all clients, especially if this happens on such a short notice.
 

Afri Schoedon
Parity developer

According to the team, an announcement  that will include more details about testing and features is forthcoming.

Constantinople to be Postponed

Ethereum's hardfork will be late due to critical vulnerability found
16 January 2019   180

A scheduled upgrade of the Ethereum network called Constantinople was postponed indefinitely after a critical vulnerability was discovered in one of the improvements, CoinDesk reports.

This is a vulnerability in EIP-1283, which, as identified by the audit company SmartSecurity smart contracts, gave hackers the opportunity to steal user funds.

During a video conference on Tuesday with the participation of Ethereum developers and other clients and projects working on the network, it was decided to temporarily postpone the activation of the hard forks.

In particular, Vitaly Buterin, developers Hudson Jameson, Nick Johnson and Evan van Ness, as well as release manager of Parity Afri Shoedon took part in the meeting. Discussing the revealed vulnerability, they agreed that it would be impossible to eliminate it before the appointed time for hardfork (around 04:00 UTC on January 17).

A vulnerability, called a reentrancy attack, allows an attacker to repeatedly enter the same function and infinitely withdraw funds.

Imagine that my contract has a function which makes a call to another contract… If I’m a hacker and I’m able to trigger function a while the previous function was still executing, I might be able to withdraw funds.
 

Joanes Espanol

CTO, blockchain analytics firm Amberdata

According to him, this is a lot like the vulnerabilities that were discovered in The DAO in the summer of 2016.

Representatives of ChainSecurity also noted that up to the Constantinople hard fork, data storage on the network cost 5,000 units of gas, which exceeds the 2,300 gas usually needed to call the “transfer” and “send” functions. After the upgrade, “dirty” storage operations will cost 200 units of gas, and an attacking contract can use 2,300 gas to successfully manipulate the variables of vulnerable contracts.

New date of hardfork not yet determined.