How A Security Vulnerability Affected Ethereum And Led To A Chain Split

The Ethereum network is facing a chain split after an exploit forced over 50% of its nodes to upgrade their client to prevent further attacks. This security vulnerability was detected, reported, and fixed by Go Ethereum, developers of the affected client, Geth.

On August 24th, 2021, via their official Twitter handle, Go Ethereum and its Team Lead, Péter Szilágyi, released Geth v1.10.8. Users were encouraged to update to this new version to “avoid attacks on Ethereum and downstream projects”.

Specifically, the vulnerability affects version 1.10.0 or previous versions of the Geth EVM causing nodes to be unable to process the chain, Go Ethereum revealed on a GitHub repository. The bug was found by Guido Vranken, a member of blockchain security firm Sentnl while auditing the Telos EVM.

The biggest concern is that the security vulnerability could enable double-spending attacks. In other words, an exploit that would allow a bad actor to disrupt the blockchain and spent the same Ethereum based asset twice.

Data from Ethernodes.org indicates that Geth is the most used client with 3,958 nodes (74.67% of the Ethereum network), followed by Openethereum with 980 (18.49%), erigon 249 (4.70%), and others as seen below.

Ethereum ETH ETHUSD
Source: Ethernodes.org

Therefore, a large portion of the network was susceptible to this vulnerability, but the majority of the nodes upgraded to the newest version. BTC.com and exchange Binance recently reported that their nodes are running the newest version of the client.

Still, Research Igor Igamberdiev found evidence of bad actors trying to exploit the vulnerability. The bug can affect other blockchains, such as Binance Smart Chain (BSC) and Polygon, EVM compatible.

Thus, Igamberdiev reported the address used for the exploit on Ethereum and the BSC. The research claimed that there was no exploit on Polygon.

Infura, a major Ethereum-based infrastructure provided, reported no issues related to the bug. The company confirmed that its nodes were successfully upgraded:

Earlier today, a security vulnerability was exploited on the Ethereum mainnet affecting geth versions <1.10.8. Infura is unaffected by this exploit. We were in close contact with Ethereum Foundation and our infrastructure was updated upon release of the hotfix on the 24th.

Ethereum And Its Security Bugs, The Price To Pay For Its Development?

The incident was used by Ethereum detractors to emphasize the problems that affect the network. Others, like Kevin Sekniqi, COO at Ava Labs, called the event a “nothing burger”:

Before anyone starts FUD-ing this, this is perfectly normal. Miners will upgrade, and this will be resolved quickly. This is frankly a nothingburger, although exchanges and other key ecosystem entry points need to be careful about having upgraded nodes.

A Bitcoin investor claimed that BTC “does soft forks” to prevent these types of bugs. However, Ethereum core developer Tim Beiko claimed that the bug was found “between two versions” of a client’s implementation.

Highlighting the decentralized nature of the network, Beiko said that other nodes were not affected by the vulnerability, he added:

Probably not worth engaging to be honest, but seems like a reasonable price to pay to actually do stuff on ETH. I say this as someone who owns BTC for what is worth.

At the time of writing, ETH trades at $3,240 with a 4.4% profit in the daily chart. The report is yet to negatively impact ETH’s price.

Ethereum ETH ETHUSD
ETH with moderate gains in the daily chart. Source: ETHUSD Tradingview

by Reynaldo Marquez via Bitcoinist.com

Comments