Ethereum’s Soft Fork Called Off as it Introduces a New Attack Vector
The DAO debacle continues. After the miner community voted in favor of a protocol soft fork, a new vulnerability introduced by the update has caused support for the fork to be withdrawn. Geth version 1.4.8 could allow an attacker to spam and effectively freeze the whole Ethereum network.
The Ethereum Foundation has released a new Geth client version, 1.4.9 (https://github.com/ethereum/go-ethereum/releases/tag/v1.4.9), that rolls back the changes made in the previous soft-fork-enabled software. The Ethereum Foundation also issued a security alert (https://blog.ethereum.org/2016/06/28/security-alert-dos-vulnerability-in-the-soft-fork/). In the announcement, developer Felix Lange explained:
An attack vector has been identified in the freshly released implementation of the DAO soft fork. The fork enactment code in geth (and other clients) allows execution of EVM code up to the block gas limit without paying for gas. This can slow down mining and prevent inclusion of legitimate transactions.
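A toy model of the block-building accounting behind the alert quoted above, added here as an illustration; it is not geth's code and not part of the article or the Ethereum Foundation's alert. The names `Tx`, `BuildBlock` and `execBudget`, the gas limit and every number in the sample pool are assumptions constructed for the example. It shows that without the filter every executed unit of gas is paid for and bounded by the block gas limit, while with the filter a miner's unpaid work is bounded only by its time.

```go
package main

import "fmt"

// Tx is a constructed, simplified transaction; it is not geth's type.
type Tx struct {
	GasUsed, GasPrice uint64
	TouchesBlocked    bool // only known after the EVM has run the tx
}
type Result struct {
	Included, Dropped        int
	PaidGas, UnpaidGas, Fees uint64
}

// BuildBlock walks the pool in order. gasLimit caps the gas of included txs;
// execBudget (an assumption of this model) is the gas a miner can execute before
// sealing. With filter on, a tx that touches a blocked contract is dropped unpaid.
func BuildBlock(pool []Tx, gasLimit, execBudget uint64, filter bool) Result {
	var r Result
	for _, tx := range pool {
		if r.PaidGas+tx.GasUsed > gasLimit {
			continue // does not fit: rejected cheaply, without execution
		}
		if tx.GasUsed > execBudget {
			break // out of time: the rest of the pool is never reached
		}
		execBudget -= tx.GasUsed // the miner does this work either way
		if filter && tx.TouchesBlocked {
			r.Dropped++
			r.UnpaidGas += tx.GasUsed // work done, no fee, no block space used
			continue
		}
		r.Included++
		r.PaidGas += tx.GasUsed
		r.Fees += tx.GasUsed * tx.GasPrice
	}
	return r
}

// SamplePool is constructed input: three heavy filtered txs, then five transfers.
func SamplePool() []Tx {
	heavy, plain := Tx{4_000_000, 50, true}, Tx{200_000, 20, false}
	return []Tx{heavy, heavy, heavy, plain, plain, plain, plain, plain}
}

func main() {
	fmt.Printf("filter on:  %+v\n", BuildBlock(SamplePool(), 4_700_000, 12_500_000, true))
	fmt.Printf("filter off: %+v\n", BuildBlock(SamplePool(), 4_700_000, 12_500_000, false))
}
```

A miner-side check that follows from the model is to track `UnpaidGas` per block: a sustained non-zero value means execution time is being spent on transactions that will never pay a fee.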
The Foundation seems incapable of making a quick decision. Indeed, the choices available to it are very limited: a hard fork needs to be implemented before July 14 to prevent the hacker from retrieving the stolen funds. In Felix Lange’s own words, the follow-up actions are:
Available options are being considered. The community can avoid any negative consequences of the soft fork by voting against it until a better solution has been found. Note that, to the best of our knowledge, no funds can be retrieved from the affected DAOs until July 14th 2016. There is no immediate urgency to block transactions while further proposals are being worked out.
Another vulnerability was also found by GitHub user 9600-. Péter Szilágyi said: a data race introduced by the rushed soft-fork that can lead to miners crashing if they are running transactions simultaneously with importing blocks from the network.
The events were negatively received by the markets: Ethereum’s valuation plummeted from $13.78 to a minimum of $11.6 (data via Kraken). The price has recovered in the past hours, hovering around the $12.7 mark at press time.
Info : http://www.newsbtc.com/2016/06/29/ethereums-soft-fork-called-off-introduces-new-attack-vector/
Published by Eduardo Gómez
Eduardo Gómez is a freelance content writer based in Venezuela, a country with a loyal group of Bitcoin and cryptocurrency adopters. Eduardo discovered Bitcoin in 2012 and has been actively reporting news from the blockchain industry for the past year.
Upvoted you
"You call that a plummet? This is a plummet!"
;)