Ethereum Issues Security Alert After Fork, Transactions May Be Reverted
Geth's implementation of EIP161 was flawed during the hard fork; Gavin Wood doubts that Ethereum will be switching to PoS on the prescribed schedule of Feb 2017.
Following a consensus flaw in Geth, the lead developer for Ethereum, Vitalik Buterin, has issued a high security alert about an issue identified in Geth’s journaling mechanism, which caused a network fork at block #2686351 on Nov. 24, 2016 at 14:12:07 UTC.
In a post, Buterin noted that Geth 1.5.3 has been released so that users can update the blockchain from the point of the fork, even if their client has synced past that point.
“If you do not update, please be aware you will be on an invalid chain that is not supported...We continue to recommend that exchanges and other high-value users run multiple clients and automatically halt operations or otherwise enter safe mode if they go out of sync by more than ~10 blocks.”
Those who use a third-party provider such as MetaMask, Jaxx and MyEtherWallet do not need to do anything aside from checking with their provider to see what actions, if any, are recommended for their users.
Nick Johnson had earlier stated on Reddit that those running Geth should not assume transaction finality for blocks after the fork, until the new client is available.
“Your transactions are likely included on the Parity fork as well, but that's not necessarily the case, so when the new client is released you may see transactions reverted. Nobody's balances are affected except insofar as you submitted transactions that affect them.”
Buterin explained that Geth was failing to revert empty account deletions when the transaction causing the deletions ended with an out-of-gas exception. There was also a separate issue in which the Parity client incorrectly failed to revert empty account deletions in a more limited set of contexts involving out-of-gas calls to precompiled contracts.
“The chain that was created from block #2686351 by the old Geth client, which both Parity and the new Geth release consider invalid, seems to have been mostly abandoned around block #2686516, meaning that ~165 blocks were mined on the now abandoned chain. Transactions are broadcast across the network so most transactions are likely present on both the old Geth chain and the current chain, although mining rewards and transaction fees on the old Geth chain are lost. No transactions or blocks on the chain that both clients will now accept will be reverted.”
Writing on Gitter, Gavin Wood, who coded the first functional implementation of Ethereum, notes that although Geth's implementation of EIP161 was flawed, it is highly unlikely anything bad will happen on the network and exchanges as a repercussion, given that 120+ confirmations are required and any double-spend attacker would have to be on the ball from block one.
Wood thinks that Poloniex, as the biggest exchange for Ether, should be running at least two clients and have an early warning system to halt operations if there is a fork, but he says they have refused to be engaged on the matter. He also says he doubts that Ethereum will be switching to PoS on the prescribed schedule of February 2017.
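The multi-client safeguard recommended in Buterin's alert and echoed by Wood can be sketched as follows. This is an added example, not code from Geth, Parity or any exchange: each client's recent blocks are modelled as a constructed `{block_number: block_hash}` map, and the names `make_view`, `last_common_block` and `assess` are hypothetical. It goes slightly beyond the quoted advice by telling a lagging client apart from a forked one.

```python
# Added example: two-client fork watchdog. Not code from Geth, Parity or any exchange.
# A "view" is {block_number: block_hash} for a client's recent blocks; a real
# deployment would fill it from each node's eth_getBlockByNumber JSON-RPC call.

SAFE_MODE_THRESHOLD = 10  # the alert's "~10 blocks"; tune per deployment


def make_view(start, fork_at, head, tag):
    """Constructed sample data: hashes are shared below fork_at, per-client from it on."""
    return {n: (f"shared-{n}" if n < fork_at else f"{tag}-{n}")
            for n in range(start, head + 1)}


def last_common_block(view_a, view_b):
    """Highest block number where both clients report the same hash, else None."""
    agreed = [n for n in view_a.keys() & view_b.keys() if view_a[n] == view_b[n]]
    return max(agreed, default=None)


def assess(view_a, view_b, threshold=SAFE_MODE_THRESHOLD):
    """Classify the pair of clients and decide whether to enter safe mode."""
    common = last_common_block(view_a, view_b)
    if common is None:
        # No agreement anywhere in the window: treat as the worst case.
        return {"state": "forked", "common": None, "divergence": None, "halt": True}
    depth_a, depth_b = max(view_a) - common, max(view_b) - common
    divergence = max(depth_a, depth_b)
    if divergence == 0:
        state = "in_sync"
    elif min(depth_a, depth_b) == 0:
        state = "lagging"   # one client is behind on the same chain
    else:
        state = "forked"    # both built different blocks on top of `common`
    return {"state": state, "common": common,
            "divergence": divergence, "halt": divergence > threshold}


if __name__ == "__main__":
    # Constructed scenario using the fork height reported in the alert.
    old_geth = make_view(2686340, 2686351, 2686362, "oldgeth")
    parity = make_view(2686340, 2686351, 2686362, "parity")
    print(assess(old_geth, parity))
```

A fork that is still within the threshold is reported as `forked` with `halt` set to `False`, which is the point at which an operator would want an alert even though automatic safe mode has not yet triggered.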