Most used blockchain Go Ethereum averts crisis after software flaw is fixed
A flaw in the most popular software used to verify transactions on the Ethereum network nearly triggered a crisis for the world’s most widely used blockchain.
About half of the Ethereum ecosystem split into a separate chain after a bug in Go Ethereum, or Geth, affected users who hadn’t implemented an update meant to fix the mistake, said Maddie Kennedy, a spokesperson at the research firm Chainalysis.
“This could’ve been a big problem, but it isn’t,” Kennedy said.
About 75% of all users on the Ethereum network utilize Geth as a node to mine the blockchain’s native token, Ether, and to create that runs functions such as decentralized applications.
At its worst, the split – or fork – could have caused a so-called double-spend attack where the same Ether would have traded twice during any transaction or trade, according to the news site Decrypt. This would’ve created counterfeit currency and possibly a sharp drop in its value.
Fortunately, most traders using Geth swiftly upgraded their systems, allowing most of the to remain on the primary network, instead of pivoting to the forked version, said Kennedy.
While the parallel network still exists, it will eventually disappear as more users of Geth upgrade their systems, she added.
Ether rose for the first time in four trading sessions during New York hours, gaining about 4.6% to $3,272. The second-largest cryptocurrency by market value after Bitcoin has surged more than 300% this year.
Ethereum Blockchain Splits as Software Bug Affects More Than Half the Network
A bug on the Ethereum blockchain’s most popular software client, Geth, has created a fork in the network. This means that the Ethereum blockchain is currently processing two chains simultaneously, which—if unresolved—could potentially cause a double-spend attack.
A double-spend attack means that the same cryptocurrency is spent twice, essentially turning a cryptocurrency into a counterfeit, inflating the asset and lowering its value.
The bug in question is only present in older versions of the client, or those that came before the Geth v1.10.8 update. The update is also called “Hades Gamma.”
Ethereum developers previously disclosed this bug on August 18.
PSA: On Tuesday Aug 24th, Geth will issue a hotfix to a high severity security issue. Please make any necessary preparations to upgrade to the upcoming release (v.1.10.8). #ethereum #geth — Go Ethereum (@go_ethereum) August 18, 2021
An Ethereum client is a piece of software that users can download to verify transactions on the network. This software is used to run nodes, and the more nodes a network has, the more decentralized it is. The Bitcoin network has the most nodes at 11,858, according to Bitnodes.
At the moment, there are 5,289 Ethereum nodes. Of those, the Geth client is the most popular software, with 3,947 users.
With 74% of the Ethereum network using the Geth client, and 73% of those users (2,858) using older versions of the Geth client, today’s bug has raised alarm bells among many in the crypto community. More than half of all nodes on Ethereum are affected by this bug.
A pie chart of all Ethereum clients. Source: Ethernodes.org
While the bug was identified last week, and the Hades Gamma update was made available starting Tuesday, today’s chain split indicates that many users had yet to update their clients. “The bug is serious in that it caused a chain split, but the effects on the Ethereum mainnet were negligible given that the vast majority of clients had upgraded,” Tim Beiko, an Ethereum core developer, told Decrypt.
The developer team behind the client, Go Ethereum, announced today that “the issue was resolved in the v1.10.8 release announced previously.” They again urged those using older clients to update.
A chain split has occurred on the Ethereum mainnet. The issue was resolved in the v1.10.8 release announced previously. Please update your nodes, if you haven’t already! — Go Ethereum (@go_ethereum) August 27, 2021
Not the first Ethereum split
The Ethereum network has suffered similar forks in the past.
In April, the second-largest Ethereum client, Open Ethereum, suffered a bug in which the clients were not syncing with the network. This meant that nodes running this client were unable to use the blockchain until the error was fixed.
Ethereum forked again in November 2020 as users of Geth again failed to update their nodes following a key update. In each of these prior instances of a chain split resulting from nodes failing to update their software clients in time, the issue was resolved once users successfully updated their software.
Meanwhile, the price of ETH appears unaffected by today’s controversy.
The cryptocurrency is up 3.7% over the past 24 hours and is currently changing hands at $3,243, according to CoinGecko.
Bug impacting over 50% of Ethereum clients leads to fork
A bug in older versions of the Ethereum network client Geth has caused nodes running those versions to split from the main network.
The bug impacts older versions of Geth clients, specifically v1.10.7 and earlier. Geth clients make up nearly 75% of all Ethereum nodes, and 73% of them are still running the older versions.
This means that around 54% of Ethereum nodes are running with a major infrastructure bug.
The concern is that this could lead to double spending attacks, where cryptocurrency is spent but then the transaction is overwritten by the alternative chain.
The Block Research has identified this address as the one that exploited the bug and it was funded by a Tornado Cash client. The bug, which has the potential to impact other EVM-compatible chains, has also been exploited on Binance Smart Chain by this address and on Huobi ECO Chain by this address (H/t Peckshield). It does not appear to have been exploited on Polygon.
The impact of the fork
While a portion of nodes have split off from the network, it doesn’t appear to be having huge ramifications yet. It appears that the majority of miners are running updated versions of Ethereum, meaning the hash rate is supporting the longest chain.
Regarding nodes running the older versions of Geth, they are effectively unable to access the main network. As a result, while there are possible exploits that could happen, the network appears to be stable for now.
Ethereum Foundation security lead Martin Swende tweeted, “A consensus bug hit #ethereum mainnet today, exploiting the consensus-bug that was fixed in geth v1.10.8. Fortunately, most miners were already updated, and the correct chain is also the longest (canon).”
Ethereum core developer Tim Beiko weighed in, saying that three mining pools appear to have been mining on the wrong version of Geth, including Flexpool, BTC.com and Binance. He said Flexpool originally reported the issue so was aware of it and that developers are getting in touch with the other two pools.
Finding the bug in an audit
This bug was found in an audit of Telos EVM, the version of the Ethereum Virtual Machine running on the Telos blockchain, according to a press release. Guido Vranken, auditor at Sentnl, which carried out the audit, found the bug, calling it a “high severity issue.”
After Ethereum core developers were informed about the issue, they released a patch on August 24 to fix it. But this only helps those who have upgraded their nodes.
When the fix was announced, a statement said, “The exact attack vector will be provided at a later date to give node operators and dependent downstream projects time to update their nodes and software. All Geth versions supporting the London hard fork are vulnerable (the bug is older than London), so all users should update.”