Ethereum

Security Alert (November 24, 2016): Consensus bug in geth v1.4.19 and v1.5.2.


Configuration affected: Geth

Severity: High

Summary: An issue has been identified in Geth’s journaling mechanism. This resulted in a network fork at block #2686351 (24 November 2016 14:12:07 UTC). The new Geth release 1.5.3 fixes journaling issues and repairs forks.

Details: Geth failed to revert empty account deletion when the transaction causing it was terminated with an out-of-gas exception. An additional issue has been discovered in Parity, where the Parity client incorrectly fails to reverse empty account deletion in a more limited set of contexts involving out-of-gas calls to precompiled contracts. The behavior of the new Geth is consistent with that of Parity, and empty accounts will usually cease to be a cause for concern in about a week, once the state liquidation process is complete.

The chain created at block #2686351 by the old Geth client, which both Parity and the new Geth release consider invalid, appears to have been mostly abandoned around block #2686516, meaning that up to 165 blocks were mined on the now-abandoned chain. Transactions are broadcast across the network, so most transactions are likely to exist on both the old Geth chain and the current chain. However, mining rewards and transaction fees from the old Geth chain will be lost. Any transaction or block on the chain accepted by both clients will not be reverted.

The latest geth release updates the blockchain at the fork point, even if it is out of sync past the fork point.

Solution: Geth 1.5.3 has been released.

If you use Geth: Download the latest client here: https://github.com/ethereum/go-ethereum/releases/tag/v1.5.3

If you use Mist: When you restart Mist, the auto-update feature will prompt you to update the Geth client that Mist uses to geth 1.5.3.

Please note that if you do not update, you will be on the wrong, unsupported chain.

We continue to encourage exchanges and other high-value users to run multiple clients and to automatically stop operations or enter safe mode if the clients fall out of sync by more than 10 blocks.
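An added illustration of that recommendation (not code from the Geth or Parity projects): the decision logic of a watchdog that compares snapshots of two or more clients and signals safe mode when their heads, or the point where their block hashes last agreed, are more than 10 blocks apart. `ClientView`, `fork_depth`, `check_clients` and `sample_view` are hypothetical names and the sample hashes are constructed labels; a deployment would fill the snapshots from each client's JSON-RPC interface.

```python
from dataclasses import dataclass
from itertools import combinations

MAX_LAG_BLOCKS = 10  # threshold from the advisory's recommendation


@dataclass(frozen=True)
class ClientView:
    name: str     # label for the client (hypothetical, e.g. "geth", "parity")
    head: int     # latest block number, e.g. from the eth_blockNumber JSON-RPC call
    hashes: dict  # recent block number -> block hash, e.g. from eth_getBlockByNumber


def fork_depth(a, b):
    """Blocks since a and b last agreed on a hash, counted from the lower head.

    Returns None if no agreement is found inside the hash window."""
    top = min(a.head, b.head)
    for n in range(top, -1, -1):
        ha, hb = a.hashes.get(n), b.hashes.get(n)
        if ha is None or hb is None:
            return None
        if ha == hb:
            return top - n
    return None


def check_clients(views, max_lag=MAX_LAG_BLOCKS):
    """Return ("ok" | "safe_mode", reason) for snapshots of independent clients."""
    if len(views) < 2:
        return "safe_mode", "fewer than two clients to compare"
    for a, b in combinations(views, 2):
        lag = abs(a.head - b.head)
        if lag > max_lag:
            return "safe_mode", f"{a.name}/{b.name} heads are {lag} blocks apart"
        depth = fork_depth(a, b)
        if depth is None or depth > max_lag:
            return "safe_mode", f"{a.name}/{b.name} hashes diverge (depth={depth})"
    return "ok", "clients agree within threshold"


def sample_view(name, head, fork_at=None, start=2686340):
    """Constructed snapshot: hashes are labels, not real block hashes."""
    hashes = {n: f"{name}-{n}" if fork_at is not None and n >= fork_at else f"shared-{n}"
              for n in range(start, head + 1)}
    return ClientView(name, head, hashes)


if __name__ == "__main__":
    fork = 2686351  # fork block named in the advisory
    views = [sample_view("old-geth", fork + 19, fork_at=fork), sample_view("parity", fork + 19)]
    print(check_clients(views))
```

A divergence of a few blocks at the tip is tolerated as an ordinary reorganisation; only a disagreement deeper than the threshold, or one that cannot be resolved inside the stored hash window, trips safe mode.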

The Ethereum website and mobile applications that allow you to store and/or transact Ethereum are operated by third-party web-based or mobile Ethereum providers (“Third-Party Providers”). Third-party providers operate their own Ethereum client infrastructure to facilitate their services. Typically, you don’t need to do anything if you use third-party providers like MetaMask, Jaxx, and MyEtherWallet. However, there may be some guidance for you. You should contact your Ethereum third-party provider to see what action they recommend for you.

—————-

disclaimer
This is an emerging, evolving, highly technological space. If you decide to participate, you should be aware that there are many risks involved, including but not limited to the risk that unexpected bugs and other technical issues may result in Ether loss and other consequences. Additionally, if you do not update to Geth 1.5.3 you will be on an unsupported network. By choosing to use the Ethereum platform, you assume the risks of this new platform.
