A mining pool recently found a severe vulnerability in code used for both Ethereum and Ethereum Classic. But it's now been fixed.
In brief
- A mining pool discovered a vulnerability affecting the Ethereum and Ethereum Classic blockchains.
- Some network nodes were not able to update their data due to the bug, the mining pool said.
- A solution has been implemented on both blockchains.
Mining pool 2Miners recently discovered a bug affecting Ethereum’s “epoch switch,” a term for when the network moves from a set of filled blocks (called an epoch) to a new, unfilled set, as per a blog post last week. The bug also affects Ethereum Classic, a hard fork of Ethereum.
Blockchains, despite what popular culture may compare to mere spreadsheets, are highly-complex mathematical structures that depend on several moving parts in order to operate seamlessly. This means any change, upgrade, or new development can spring up unforeseen consequences, which are usually accounted for, but can still miss the boat sometimes.
An upcoming fork on Ethereum Classic—the ECIP-1099 proposal, which cuts down on the network’s hashing power—reportedly caused the problem this time. 2Miners found that when the blockchain switched to its new epoch, mining pools were not validating the data (despite it being legitimate).
2 Miners later found the bug to be in the core library used for maintaining both Ethereum and Ethereum Classic.
"With thorough investigation, we have discovered that the math in one of the core libraries used in many Ethash-based cryptocurrencies is a little off,” the firm said. It explained that the code was using calculation values of 32 bits instead of the required 64 bits (the latter can store more numerical value).
The issue could have caused some nodes—individual servers that maintain the network—to accept newer data to the blockchain but some other nodes to not, creating a potentially drastic situation that could lead to a chain split (similar to Ethereum's one the other day).
Developers estimated that the problem would occur on January 1 for the Ethereum blockchain, but was already an issue for Ethereum Classic.
2Miners was able to identify and patch the issue for both blockchains. It worked with Ethereum Classic developers, who swiftly installed a fix on November 6. "Thanks for this. We are running a few sync tests and general otherwise sanity checks, but in general this looks good and unless we find something unexpected we'll have it merged very soon," a developer said, before the fix went live.
On Ethereum's side, the mining company released two pull requests to mitigate the issue, one that Ethereum developers installed on November 11. An Ethereum blog post published the next day encouraged users to download a patch for both this issue alongside a further, unrelated critical vulnerability.
Source: decrypt.co
Ethereum's had quite the week.
Comments
Post a Comment