BitMEX Research Finds ‘Potential Bug’ in Syncing of Ethereum Parity Full Node

The research arm of major cryptocurrency trading platform BitMEX has revealed in a blog post on Wednesday, March 13, that its Ethereum Parity full node contains a “potential bug.”

The alleged bug was discovered while analyzing data from Nodestats.org — BitMEX Research’s new website designed to collect key metrics on Ethereum nodes. In the same blog post, the exchange also announced the launch of Nodestats today, which it created in collaboration with TokenAnalyst.

Nodestats shows key data for Ethereum Parity and Ethereum Geth clients — which BitMEX reports are the two largest Ethereum node client implementations — and compares requirements related to CPU usage, memory (RAM), bandwidth and storage space.

The team started collecting data from the the Ethereum Parity full node on March 1, reporting that as of March 12, the node was still not completely synced with the Ethereum blockchain. The client was reportedly around 450,000 blocks behind, the research reports, noting that “based on its current trajectory, it should catch up with the main chain tip in a few days.”

According to the researchers, however, the slow sync is currently not an issue for the network:

“While the slow initial sync is a potential problem, at least for this system setup, Ethereum has not yet reached a point where the node cannot catch up, as the sync is faster than the rate of blockchain growth.”

However, BitMEX Research further identified a “potential bug” in the client, reporting that the Parity node “sometimes reports that it is in sync, despite being several hundred thousand blocks behind the chain tip.”

The authors claim that the purported bug could be exploited by an attacker in some circumstances, but states it is “highly unlikely” to happen:

“One could argue the impact of this potential bug could be severe [...] if exploited by an attacker in the right way. For example a user could accept an incoming payment or smart contract execution as verified, while their node claims to be at the network chain tip. [...] The attacker would need to double spend at a height the vulnerable node wrongly thought was the chain tip, which could have a lower proof of work requirement than the main chain tip. Although successful execution of this attack is highly unlikely and users are not likely to be using the highest seen block feature anyway.”

Nodestats is currently connected to five different Ethereum nodes and collects data every five seconds. According to BitMEX’s blog post, the main goal of the project is to provide metrics related to the computational resources each Ethereum node requires.

In other Ethereum news, United States Securities and Exchanges Commission (SEC) Chairman Jay Clayton has recently confirmed that ETH, and cryptocurrencies like it, aren’t securities under U.S. law. Clayton’s statement was in agreement with the stance of the SEC’s director of corporate finance, William Hinman, which was revealed last July.

Also this week, major Ethereum wallet provider MyEtherWallet announced the launch of the alpha version of its new open source Ethereum blockchain explorer, EthVM. The tool shows data from the Ropsten network, an Ethereum testnet, and, once deployed on the mainnet, will be able to compete with Etherscan, the current leading Ethereum block explorer.