Augur Bets on Ethereum Constantinople Delay After Another Bug Found

A new bug in ethereum’s Constantinople upgrade has been found at the last minute, with it affecting a limited number of smart contracts that could utilize self-destruct after the upgrade.

Jason Carver, a developer at the Ethereum Foundation (EF), says a new feature called Create2 can allow a developer to replace the self-destructed contract and thus change the rules. Carver said:

“You can construct a pretty innocuous contract pre-Constantinople, one that has two possible outcomes from a transaction: {‘contract exists’: ‘swap tokens’, ‘contract self-destructs’: ‘waste some gas’}. Post-Constantinople, the options could now become {‘contract exists’: ‘swap tokens’, ‘contract self-destructs’: ‘waste some gas’, ‘contract replaced’: ‘all ERC20 tokens that were pre-approved to the contract are stolen’}…

Sending ether isn’t the only way to get hosed. For example you might use ERC20’s ‘approve’ on a contract, seeing that the contract has certain rules about how it will use your approved token. Selfdestruct doesn’t look particularly dangerous there (pre-Constantinople), because the contract can only go away. Now it can go away and come back with code that transfers all your approved tokens.”

Martin Holst Swende, another developer at EF, said: “The corollary being, as previously, that if someone verified the source, he should have noticed the SELFDESTRUCT (without a due inactivity period) and avoid interacting with it.”

If we understand correctly, that suggests the simple solution for someone who wants to buy a cryptopuppie is to first have a read through the contract to see if it might contain self-destruct.

“There are ways around each of these ‘social attacks’, but most of them require education. That will surely lag behind the Constantinople upgrade itself,” Carver says.

Testing awareness levels here. After Constantinople, can contracts that you interact suddenly change code, in-place?

— M H (((Swende))) (@mhswende) February 7, 2019

It is probable that it is mainly highly technical devs following the above account, but 76% of them are wrong. Chances that a non-dev will know about this selfdestruct trick, thus, are probably minimal.

“If we implement State fee proposal 2 as it is, it will allow resurrection of Parity multisig library, I suspect,” Alexey Akhunov, who is working on the Ethereum 1x upgrade, says. He further added:

“I am now thinking of the temporal replay protection EIP suggested in State fees proposal 2. I have just concluded that eviction of EOA account [normal eth addresses] combined with temporal replay protection (which resets the nonce of EOA to 0), will expand what CREATE2 further, to the EOA accounts…

Perhaps CREATE2 should have been modified to never allow repeating nonces, similar to other replay protection schemes, like assigning the nonce of the newly created contracts to TOTAL_TXS that would at least eliminate knock-on effects that reach way beyond intended functionality.”

Swende replied by stating: “Maybe temporal replay protection is not sufficient then. Not because that parity multisig could be resurrected – I think that would be cool (I’ve been opposed a targeted fork for only that, but a general non-targeted thing is cool by me), but we need to figure out other (bad) side effects. (Also, I’m not confident that the multisig could be resurrected like this anyway, since it would be trivial for anyone to prevent that.)”

Akhunov said he’ll work on a fix, with state fees not yet deployed. The Constantinople upgrade, however, is set to go live on the 27th of February.

That will allow smart contracts with self-destruct to trick individuals into stealing their money. Their considered options were to remove it all-together, modify it, or leave it as it is and educate everyone by letting them know that certain smart contracts are not immutable, but changeable at will.

What they have decided is not yet clear. Most of them are US time so we only managed to reach Afri Schoedon of Parity who in reply to us asking whether Constantinople will be delayed due to the above, said “No.”

This revelation, however, is quite new so it isn’t clear how familiar Schoedon is with it as when we asked whether smart contracts with self destruct will now just be able to steal people’s funds, he said “I’d like to know that answer, too.”

At the very minimum, it looks like this will complicate considerably the state rent/fees implementation. On the other hand, the ice age has now kicked in.

Augur bet on Constantinople delay, Feb 2019.

The ice age has currently increased block times to 21 seconds, reducing new supply to 13,000 eth from ◊20,000.

In about three weeks, supply will fall again by about 2,000-3,000 eth. Blocktimes should increase to about 25 seconds. Three weeks after that we might then get to 30-40 seconds.

So there is time to delay Constantinople to the end of March with bearable inconvenience. That’s what ethereans on Augur are betting will happen, but it is unclear at this stage what they plan to do.