Ethereum Constantinople Ropsten testnet launch delayed by 5 days
The update needs to be updated, and the update's update needs to be tested before the update can update.
The upcoming Ethereum Constantinople Ropsten testnet launch has been delayed by five days to fix a vulnerability opened up by one of the updates.
"Via community decision, we've delayed the Ethereum Ropsten testnet Constantinople hard fork by 1 epoch to block #4230000 (+5 days) to allow clients to implement, test and release an update to CREATE2, countering a recently found EVM DoS attack vector," explained Ethereum team lead Péter Szilágyi on Twitter.
To unpack that in English:
The update has been delayed by five days while testnet participants implement a certain update. The update is for CREATE2, which is one of the five changes introduced in the upcoming test.
CREATE2 is mostly intended to lay the groundwork for further testing and updates by allowing people to run tests on hypothetical addresses that contain hypothetical code. You can probably see how that would be pretty useful for testing purposes.
But the update also opened up a potential vulnerability – the "EVM DoS attack vector" as Szilágyi called it.
The EVM is the Ethereum Virtual Machine. It's kind of like a... well... a virtual machine. It's basically the Ethereum world computer as you know it, including all the rules that make it safe to use, despite being accessible by anyone everywhere in the world. These rules include things like gas costs for transactions, restrictions around what kind of data is put onto the network and what exactly programs can do. So you don't want to break it.
According to Szilágyi, CREATE2 included an EVM DoS attack vector. One can infer that this means CREATE2 would have allowed someone to run certain transactions without needing to pay the requisite gas costs.
By being able to send transactions without needing to pay those gas costs, someone would be able to spam the network with countless transactions, clogging Ethereum up and slowing it down, or potentially overwhelming it. This is called a denial of service (DoS or DDoS) attack, or a spam attack. DoS attacks aren't a cryptocurrency thing. Rather, they're just one of those common features of the Internet age.
So the Constantinople test update needs to be updated, and the update's update needs to be tested before the update can be updated. It's just business as usual.
Disclosure: At the time of writing the author holds ETH, IOTA, ICX, VET, XLM, BTC, ADA