Parity has just revealed a bug that could have crashed much of ethereum’s ecosystem, which tends to rely on node infrastructure providers like Infura. Parity said:
“On February 3rd, we received several reports that an attacker can send a specially-crafted RPC request to a public Parity Ethereum node (any version pre 2.2.9-stable and 2.3.2-beta) and that node will crash…
Affected Parity Ethereum nodes are those that serve JSONRPC as a public service (e.g., Infura, MyEtherWallet, MyCrypto, and other publicly-accessible pieces of infrastructure)…
Parity Ethereum nodes who don’t serve JSONRPC to strangers on the internet—i.e., most nodes—should not be directly affected…
The upcoming releases 2.2.9-stable and 2.3.2-beta will fix this issue. ETA for those builds is one-two hours (February 3rd 16:00 – 17:00 CET), as we need to run our full CI suite on them to make sure there are no regressions.
Please update your nodes to the newest version as soon as a new release becomes available.”
Infura serves billions of requests a day to circa 60%-70% of all dapps running on ethereum, but there is no suggestion that the bug has been exploited.
Moreover, even if this had been exploited, it appears it would have caused only a service disruption rather than a loss of funds: the Infura nodes could have crashed, potentially making some dapps inaccessible.
It is unclear at this stage what exactly the bug was. Parity is one of the main ethereum clients. A service like Infura, however, would probably use both Parity and Geth nodes in case one was affected but not the other.
So there may not have been any significant disruption, but the reliance of so many dapps on Infura might highlight a potential chokepoint for the ethereum ecosystem.
Dapp users are usually free to choose their own node, but eth node numbers have fallen to about 8,000 now from circa 30,000 or more in 2017, suggesting fewer ethereans are opting for that option.