Ethereum’s developers have decided to postpone the network’s much-anticipated hard fork after a smart contract auditor flagged a potential vulnerability in the upgrade.
Per the auditor, ChainSecurity, the upcoming Constantinople Upgrade for the Ethereum network, “introduces cheaper gas cost[s] [transaction fees] for certain […] operations.” ChainSecurity notes that “as an unwanted side effect, this enables reentrancy attacks” for “certain Solidity smart contracts.”
The developers have responded by announcing – via the official Ethereum Reddit page – that after holding an “emergency Ethereum Core Dev meeting” they have decided to delay Constantinople. The developers will reconvene in a call on January 18 to discuss the hard fork again. Developers had hoped to oversee the fork as early as January 16, but now concede that it “will not happen this week.”
[SECURITY ALERT] #Constantinople upgrade is temporarily postponed out of caution following a consensus decision by #Ethereum developers, security professionals and other community members. More information and instructions are below. https://t.co/p2znO8HGxf
— Ethereum (@ethereum) January 15, 2019
Ethereum (ETH) price took a tumble in the wake of the news, with a drop of around 6% on many major exchanges.
Reentrancy attacks involve hackers sending falsified information about the amount of Ethereum tokens they have in their accounts to the Ethereum network, while repeatedly sending fund requests. Without a code vulnerability, however, such attacks would be doomed to failure, and ChainSecurity states that the currently live, pre-fork network shows no signs of such vulnerabilities.
On Reddit, Afri Schoedon, the man tasked with overseeing the hard fork, admitted that the vulnerability could have “potentially put user funds at risk.” Schoedon stated, “The Ethereum Core Developers had the opportunity here to sweep this issue under the rug and commit to the Constantinople Hard Fork as planned. However, I am thoroughly impressed by the virtue that was exercised in this decision to postpone.”
The decision comes as yet another setback to Ethereum, which had hoped to finalize the Constantinople Upgrade as early as November last year.
Key Ethereum clients, such as Parity and Geth, have already responded by issuing new software fixes for the existing network.