
Augur Bets on Ethereum Constantinople Delay After Another Bug Found

12/02/2019 11:41

A new bug in ethereum’s Constantinople upgrade has been found at the last minute. It affects a limited number of smart contracts that could utilize self-destruct after the upgrade.
Jason Carver, a developer at the Ethereum Foundation (EF), says a new feature called Create2 can allow a developer to replace the self-destructed contract and thus change the rules. Carver said:
“You can construct a pretty innocuous contract pre-Constantinople, one that has two possible outcomes from a transaction: {‘contract exists’: ‘swap tokens’, ‘contract self-destructs’: ‘waste some gas’}. Post-Constantinople, the options could now become {‘contract exists’: ‘swap tokens’, ‘contract self-destructs’: ‘waste some gas’, ‘contract replaced’: ‘all ERC20 tokens that were pre-approved to the contract are stolen’}…
Sending ether isn’t the only way to get hosed. For example you might use ERC20’s ‘approve’ on a contract, seeing that the contract has certain rules about how it will use your approved token. Selfdestruct doesn’t look particularly dangerous there (pre-Constantinople), because the contract can only go away. Now it can go away and come back with code that transfers all your approved tokens.”
Martin Holst Swende, another developer at EF, said: “The corollary being, as previously, that if someone verified the source, he should have noticed the SELFDESTRUCT (without a due inactivity period) and avoid interacting with it.”
If we understand correctly, that suggests the simple solution for someone who wants to buy a cryptopuppie is to first have a read through the contract to see if it might contain self-destruct.
“There are ways around each of these ‘social attacks’, but most of them require education. That will surely lag behind the Constantinople upgrade itself,” Carver says.
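The check Swende describes, looking for SELFDESTRUCT before interacting with a contract, can also be run against deployed bytecode when no verified source is available. The sketch below is an added example, not code from the article or from the Ethereum Foundation; the function names, verdict labels and sample bytecode are constructed for illustration. It also flags DELEGATECALL and CALLCODE, since code run through them can self-destruct the calling contract.

```python
# Added example: linear-sweep scan of EVM runtime bytecode for opcodes that
# let a contract be destroyed (and, post-Constantinople, redeployed via CREATE2).
SELFDESTRUCT = 0xFF
INDIRECT = {0xF2: "CALLCODE", 0xF4: "DELEGATECALL"}  # can run foreign code that self-destructs
PUSH1, PUSH32 = 0x60, 0x7F


def scan_bytecode(code_hex):
    """Return [(offset, opcode_name)] for risky opcodes, skipping PUSH immediates."""
    code = bytes.fromhex(code_hex[2:] if code_hex.startswith("0x") else code_hex)
    findings = []
    pc = 0
    while pc < len(code):
        op = code[pc]
        if op == SELFDESTRUCT:
            findings.append((pc, "SELFDESTRUCT"))
        elif op in INDIRECT:
            findings.append((pc, INDIRECT[op]))
        # PUSHn carries n bytes of data; a 0xff inside it is not an instruction.
        pc += 1 + (op - PUSH1 + 1 if PUSH1 <= op <= PUSH32 else 0)
    return findings


def verdict(code_hex):
    """Summarise the scan as one of three hypothetical labels."""
    names = {name for _, name in scan_bytecode(code_hex)}
    if "SELFDESTRUCT" in names:
        return "destructible"
    if names:
        return "destructible-via-foreign-code"
    return "no-selfdestruct-found"


# Constructed sample bytecode (not taken from any deployed contract).
SAMPLE_KILLABLE = "0x33ff"               # CALLER; SELFDESTRUCT
SAMPLE_PUSH_DATA = "0x60ff60005500"      # PUSH1 0xff; PUSH1 0x00; SSTORE; STOP
SAMPLE_PROXY = "0x600080808080805af400"  # PUSH1 0; DUP1 x5; GAS; DELEGATECALL; STOP

if __name__ == "__main__":
    for label, sample in [("killable", SAMPLE_KILLABLE),
                          ("push-data", SAMPLE_PUSH_DATA),
                          ("proxy", SAMPLE_PROXY)]:
        print(label, verdict(sample), scan_bytecode(sample))
```

The scan can over-report, because constructor arguments or metadata appended to the code are decoded as if they were instructions, so a hit is a prompt to read the contract rather than proof that it can be destroyed.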

Testing awareness levels here. After Constantinople, can contracts that you interact suddenly change code, in-place?

— M H (((Swende))) (@mhswende) February 7, 2019


Those following the above account are probably mostly highly technical devs, yet 76% of them are wrong. The chances that a non-dev will know about this selfdestruct trick are thus probably minimal.
“If we implement State fee proposal 2 as it is, it will allow resurrection of Parity multisig library, I suspect,” Alexey Akhunov, who is working on the Ethereum 1x upgrade, says. He further added:
“I am now thinking of the temporal replay protection EIP suggested in State fees proposal 2. I have just concluded that eviction of EOA account [normal eth addresses] combined with temporal replay protection (which resets the nonce of EOA to 0), will expand what CREATE2 further, to the EOA accounts…
Perhaps CREATE2 should have been modified to never allow repeating nonces, similar to other replay protection schemes, like assigning the nonce of the newly created contracts to TOTAL_TXS that would at least eliminate knock-on effects that reach way beyond intended functionality.”
Swende replied by stating: “Maybe temporal replay protection is not sufficient then. Not because that parity multisig could be resurrected – I think that would be cool (I’ve been opposed to a targeted fork for only that, but a general non-targeted thing is cool by me), but we need to figure out other (bad) side effects. (Also, I’m not confident that the multisig could be resurrected like this anyway, since it would be trivial for anyone to prevent that.)”
Akhunov said he’ll work on a fix, with state fees not yet deployed. The Constantinople upgrade, however, is set to go live on the 27th of February.
That will allow smart contracts with self-destruct to trick individuals and steal their money. The options they considered were to remove it altogether, modify it, or leave it as it is and educate everyone by letting them know that certain smart contracts are not immutable, but changeable at will.
What they have decided is not yet clear. Most of them are on US time, so we only managed to reach Afri Schoedon of Parity who, in reply to us asking whether Constantinople will be delayed due to the above, said “No.”
This revelation, however, is quite new, so it isn’t clear how familiar Schoedon is with it: when we asked whether smart contracts with self-destruct will now just be able to steal people’s funds, he said “I’d like to know that answer, too.”
At the very minimum, it looks like this will complicate considerably the state rent/fees implementation. On the other hand, the ice age has now kicked in.

Augur bet on Constantinople delay, Feb 2019.

The ice age has currently increased block times to 21 seconds, reducing new supply to 13,000 eth from 20,000.
In about three weeks, supply will fall again by about 2,000-3,000 eth. Block times should increase to about 25 seconds. Three weeks after that we might then get to 30-40 seconds.
So there is time to delay Constantinople to the end of March with bearable inconvenience. That’s what ethereans on Augur are betting will happen, but it is unclear at this stage what they plan to do.
Copyrights Trustnodes.com 
 
