Skip to main content

'Severe' Bug Found in Core Library for Ethereum and ETC

 

A mining pool recently found a severe vulnerability in code used for both Ethereum and Ethereum Classic. But it's now been fixed.





In brief

  • A mining pool discovered a vulnerability affecting the Ethereum and Ethereum Classic blockchains.
  • Some network nodes were not able to update their data due to the bug, the mining pool said.
  • A solution has been implemented on both blockchains.

Mining pool 2Miners recently discovered a bug affecting Ethereum’s “epoch switch,” a term for when the network moves from a set of filled blocks (called an epoch) to a new, unfilled set, as per a blog post last week. The bug also affects Ethereum Classic, a hard fork of Ethereum.

Blockchains, despite what popular culture may compare to mere spreadsheets, are highly-complex mathematical structures that depend on several moving parts in order to operate seamlessly. This means any change, upgrade, or new development can spring up unforeseen consequences, which are usually accounted for, but can still miss the boat sometimes.

An upcoming fork on Ethereum Classic—the ECIP-1099 proposal, which cuts down on the network’s hashing power—reportedly caused the problem this time. 2Miners found that when the blockchain switched to its new epoch, mining pools were not validating the data (despite it being legitimate).

2 Miners later found the bug to be in the core library used for maintaining both Ethereum and Ethereum Classic.

"With thorough investigation, we have discovered that the math in one of the core libraries used in many Ethash-based cryptocurrencies is a little off,” the firm said. It explained that the code was using calculation values of 32 bits instead of the required 64 bits (the latter can store more numerical value).

The issue could have caused some nodes—individual servers that maintain the network—to accept newer data to the blockchain but some other nodes to not, creating a potentially drastic situation that could lead to a chain split (similar to Ethereum's one the other day).

Developers estimated that the problem would occur on January 1 for the Ethereum blockchain, but was already an issue for Ethereum Classic.

2Miners was able to identify and patch the issue for both blockchains. It worked with Ethereum Classic developers, who swiftly installed a fix on November 6. "Thanks for this. We are running a few sync tests and general otherwise sanity checks, but in general this looks good and unless we find something unexpected we'll have it merged very soon," a developer said, before the fix went live.

On Ethereum's side, the mining company released two pull requests to mitigate the issue, one that Ethereum developers installed on November 11. An Ethereum blog post published the next day encouraged users to download a patch for both this issue alongside a further, unrelated critical vulnerability.

Source: decrypt.co

Ethereum's had quite the week.

Comments

Post a Comment

Contact us

Name

Email *

Message *

Popular posts from this blog

For my haters

₿  This is for people who told me to not put my money in Bitcoin 10 years ago 😂 RIP doubters and haters. #Bitcoin 💀 pic.twitter.com/sbuDljJtMv — Carl ₿ MENGER ⚡️🇸🇻 (@CarlBMenger) May 13, 2025
Post a Comment
Read more

Coinbase to Require Recipient Information for Crypto Transfers From Users in Canada, Singapore and Japan

  Customers in those countries who send crypto outside their Coinbase accounts must provide recipients’ names, addresses and in some cases, additional information, as of early April. Cryptocurrency exchange Coinbase Global (COIN) will soon require its customers in Canada, Japan and Singapore who send cryptocurrency to another financial institution or exchange to provide the name, address and in the case of Japan, the destination wallet of the recipient. Coinbase has been sending notices to its customers in those countries that the changes will take effect in early April in order to comply with local travel rules in those places. Coinbase didn't immediately respond to requests for additional comment on the moves, but confirmed that they were taking place. The move  does not seem to be going over well  with Coinbase customers in those countries, who value the anonymity of transactions using cryptocurrency. According to a  FAQ provided by Coinbase , for Canadian users, ...
Post a Comment
Read more

Jupiter plugin on your site

 Jupiter launches Jupiter Plugin , a customizable plugin that doesn't require RPC. PANews reported on August 7th that Jupiter announced the launch of the Jupiter Plugin.  This is an open-source, lightweight, plug-and-play version of Jupiter that allows users to seamlessly integrate end-to-end swap functionality into their applications with minimal effort.  Users can deploy it by simply adding a few lines of code.  Seamless Integration Embed Jupiter's Swap functionality directly into your application without redirection.  Multiple display options: Choose between integrated, widget or modal display modes.  Customizable options: Configure the exchange form to suit your application needs.  No RPC: Plugins can be integrated without any RPC, Ultra is responsible for handling transaction sending, wallet balance and token information.  Ultra Mode: Access all Ultra Mode features. Enjoy!
Post a Comment
Read more