Ethereum upgrade postpone after audit company reveals vulnerabilities

Ethtereum blockchain has announced that the scheduled update Constantinople has been delayed owing to “a consensus decision” by the “developers” of the blockchain. The postpone came after the smart contract audit firm Chain Security revealed in a medium post that the upgrade is focusing on minimizing the processing time thus consuming lower resource, however, the coding options did not take into account the security of the system.

Chain Security revealed that the system update would be opening the blockchain to vulnerabilities and less secure module information. Chain Security went on and shared the details of their audit of the code with an explanation. They revealed that the code allows merged transactions that would, in turn, allow scammers to attach their addresses as a secondary address in the blockchain transaction.

In this case, reducing the cost, i.e., “gas” in this case would be reduced to 200 gas in this scenario whereas the same vulnerability when executed before the Constantinople upgrade would cost at least 5000 gas thus making it higher than the regular transaction cost of 2300 gas. Flags would have been raised, and the attackers would be caught but not after the upgrade, it would not be possible.

Based on the Chain Security findings Ethereum blockchain had to call for a developer meeting, and a blog post was released to make users, miners, and node operators aware of the delay in the upgrade. The post where carries details of what the node operators, miners, and the users are required to it also states,

This will require anyone running a node (node operators, exchanges, miners, wallet services, etc…) to update to a new version of Geth or Parity before block 7,080,000. Block 7,080,000 will occur in approximately 32 hours from the time of this publishing or at approximately January 16, 8:00 pm PT / January 16, 11:00 pm ET / January 17, 4:00 am GMT.

The blockchain upgrade was announced a day after the exchange was hacked with a fifty-one percent (51%) attack on the blockchain causing them a loss of over two hundred and fifty thousand. Ethereum rolled out the announcement that directed the users to upgrade their wallets, mining client and their node client for the latest upgrade. However, Ethereum is now asking them to update taking into account the postpone.