However, much to the expectations of the community, the hard fork was yet again delayed due to another security issue. This issue was bought to light on the eve of the hard fork, resulting in the key stakeholders taking the decision to prolong the upgrade. Additionally, the Parity and Geth team released a new version, which would revert Constantinople hard fork on the Ethereum network.
Importantly, the issue was found in one of the Ethereum Improvement Protocols [EIP], the net gas metering for SSTORE without dirty maps, and was brought to light by an audit platform for smart contracts, ChainSecurity. The platform pointed that the Constantinople upgrade would open doors for a Reentrancy attack. Based on the report by the team, smart contracts that are not currently vulnerable would become vulnerable to the attack after the upgrade.
According to the latest video by Ivan on Tech, the Youtuber explained the attack as “a smart contract [name it A] makes payment to another smart contract [name it B], smart contract B will have a chance to call another function in smart contract A, thereby gaining control over what happens next and can execute any code”.
The vulnerability exists even now, but cannot be carried out because of high gas limit, which is required to change the storage of another smart contract. The Youtuber, explained:
“Because when smart contract B can change storage of smart contract A, then this is when they can start messing with internal working of smart contract A and basically mess up the execution and steal funds.”
This is now a problem because the Ethereum Improvement Protocol proposes to make the storage cost cheaper, aimed at benefiting the developers. This, thereby, reintroduces the attack that was earlier prevented because of the higher gas costs.
During the ConstantiNOPEle watch party, one of the members of the Foundation, Hudson Jameson, stated that there is an Ethereum Improvement Protocol introduced to fix the issues found in EIP 1283. He further stated that the two developers are currently working with the Parity team and with Nick Johnson to have the EIP implemented. He said:
“That doesn’t mean the EIP is going in, it might be left out completely in the future fork […] There are stuff in the EIP that would make the stuff more friendly. “
Article comments