Ethereum is currently experiencing a consensus failure due to a bug fix in a recently released upgrade client.
“There was a consensus bug fixed in geth v.1.9.18. All lower clients seems to be affected. Please upgrade your node regularly,” the ethereum developers said.
The Geth ethereum client team said: “Tomorrow (12th Nov) Google will publish a security release (CVE-2020-28362) for golang, in the form of Go v1.15.5 and v1.14.12.
This is a critical release for Ethereum! We will push a new Geth release with it, but if you use an older version, you’ll need to rebuild yourself!”
The bug fix was not announced prior to the new client release or in the release notes themself.
“We don’t discuss consensus flaws on [github] tickets,” said Martin Holst Swende, who calls himself the Ethereum security guy, further adding:
“Anything that we patch is eventually also downstreamed into e.g. ETC, and various private chains. There may well be a write-up or devcon presentation about this in the future.”
So this was a stealth upgrade with it unclear whether the devs were aware this bug would cause a consensus failure or whether they notified key infrastructure they must upgrade with this further revealing a lack of peer review.
The bug itself currently remains unknown, with much eth infrastructure affected as Infura has been down for hours.
Infura handles billions of requests per day as an ethereum infrastructure service with many functions that run on the ethereum blockchain disrupted, like price feeds.
Some blockchain explorers went down as well and other node runners with it unclear at this point whether any funds have been lost to double spends.
Ethereum network users are advised to not transact until the situation becomes clearer as they could open themselves to double spending attacks at this stage.
That’s because effectively there are currently two chains or two version of transaction history, something that should resolve within hours.