Get the Finder app 🥳

Track your credit score, free

Free

Ethereum Constantinople Ropsten testnet launch delayed by 5 days

Posted: 5 October 2018 12:32 pm
News

The update needs to be updated, and the update's update needs to be tested before the update can update.

The upcoming Ethereum Constantinople Ropsten testnet launch has been delayed by five days to fix a vulnerability opened up by one of the updates.



What's up?

"Via community decision, we've delayed the Ethereum Ropsten testnet Constantinople hard fork by 1 epoch to block #4230000 (+5 days) to allow clients to implement, test and release an update to CREATE2, countering a recently found EVM DoS attack vector," explained Ethereum team lead Péter Szilágyi on Twitter.

To unpack that in English:

The update has been delayed by five days while testnet participants implement a certain update. The update is for CREATE2, which is one of the five changes introduced in the upcoming test.

CREATE2 is mostly intended to lay the groundwork for further testing and updates by allowing people to run tests on hypothetical addresses that contain hypothetical code. You can probably see how that would be pretty useful for testing purposes.

But the update also opened up a potential vulnerability – the "EVM DoS attack vector" as Szilágyi called it.

ethereum cryptocurrency

The EVM is the Ethereum Virtual Machine. It's kind of like a... well... a virtual machine. It's basically the Ethereum world computer as you know it, including all the rules that make it safe to use, despite being accessible by anyone everywhere in the world. These rules include things like gas costs for transactions, restrictions around what kind of data is put onto the network and what exactly programs can do. So you don't want to break it.

According to Szilágyi, CREATE2 included an EVM DoS attack vector. One can infer that this means CREATE2 would have allowed someone to run certain transactions without needing to pay the requisite gas costs.

By being able to send transactions without needing to pay those gas costs, someone would be able to spam the network with countless transactions, clogging Ethereum up with the effect of slowing it down, or potentially overwhelming it. This is called a denial of service (DoS or DDoS) attack, or a spam attack. DoS attacks aren't a cryptpocurrency thing. Rather, they're just one of those common features of the Internet age.

So the Constantinople test update needs to be updated, and the update's update needs to be tested before the update can be updated. It's just business as usual.


Disclosure: At the time of writing the author holds ETH, IOTA, ICX, VET, XLM, BTC, ADA

Disclaimer: This information should not be interpreted as an endorsement of cryptocurrency or any specific provider, service or offering. It is not a recommendation to trade. Cryptocurrencies are speculative, complex and involve significant risks – they are highly volatile and sensitive to secondary activity. Performance is unpredictable and past performance is no guarantee of future performance. Consider your own circumstances, and obtain your own advice, before relying on this information. You should also verify the nature of any product or service (including its legal status and relevant regulatory requirements) and consult the relevant Regulators' websites before making any decision. Finder, or the author, may have holdings in the cryptocurrencies discussed.

Crypto explained


Latest cryptocurrency news

Picture: Shutterstock

Latest crypto guides

Ask an Expert

You are about to post a question on finder.com.au:

  • Do not enter personal information (eg. surname, phone number, bank details) as your question will be made public
  • finder.com.au is a financial comparison and information service, not a bank or product provider
  • We cannot provide you with personal advice or recommendations
  • Your answer might already be waiting – check previous questions below to see if yours has already been asked

Finder only provides general advice and factual information, so consider your own circumstances, or seek advice before you decide to act on our content. By submitting a question, you're accepting our Terms of Use, Disclaimer & Privacy Policy and Privacy & Cookies Policy.
Go to site