Chain security, a Zurich-based smart contract audit company made a publication on January 15 stating that a security issue has been detected in the Constantinople Upgrade. As such, this vulnerability tagged “reentrancy attack” has delayed the Ethereum Hard Fork scheduled for 04:00 UTC on January 17.
Reentrancy Attack Enables a Hacker to Transfer Funds Repeatedly
The Constantinople Hard Fork is reportedly the second half of Ethereum’s network upgrade after the Byzantium’s first half. In light of the event that led to the former’s postponement, Chain security said it is because certain operations on Ethereum network will have a cheaper gas fee which leads to a reentrancy attack.
Reportedly, this attack enables a hacker to request for tokens from a smart contract repeatedly. Also, the attacker can manipulate the final amount held in the account to hide the fact that transactions have taken place. This security issue in the Constantinople code, therefore, makes it easy to steal cryptocurrency.
Chain Security also displayed the code in question and added that:
This code is vulnerable in an unexpected way: It simulates a secure treasury sharing service. Two parties can jointly receive funds, decide on how to split them, and receive a payout if they agree
Constantinople Hard Fork Postponed
Consequently, the scheduled Hard Fork has been temporarily delayed to fix this bug. The project’s core developers also noted that it was impossible to resolve the issue before the fork and as such as new date will be set for its commencement. This is a team of developers made up of Vitalik Buterin, Nick Johnson, Evan Van Ness, Hudson Jameson, and Afri Schoedon.
Afri Schoedon, Release Manager at Parity Technologies, a blockchain infrastructure provider, made a publication on Reddit to notify the community of the new development. He confirmed that the fork would not take place this week and in an emergency meeting with an all-core-devs call on January 18, a new date will be decided.
Crypto Enthusiasts are Unhappy With The New Development
Users of the social media platform who commented on Afri Schoedon’s update displayed their disapproval to the rescheduling. A user, for instance, noted that the uncertainty as to when the fork will occur is unwelcoming because this is the second time it has failed.
On the other hand, it is comforting to know that other smart contracts are safe as per Chain security’s publication. The company had also stated that after a scan was carried out on the main Ethereum Blockchain, more vulnerabilities were not detected. That being the case, other smart contracts are as safe as they can be.