19 May 2021 #Ethereum
The Ethereum Foundation has come clean about a security vulnerability first spotted in 2019 that could have brought the mainnet to a halt until the Berlin upgrade last month. The Ethereum Foundation has published a blog post outlining a potentially catastrophic vulnerability that could have resulted in the mainnet being brought down at a cost of less than five-figures up until the execution of the Berlin hardfork last month.
A May 18 blog post describes the vulnerability as having posed “a severe threat against the Ethereum platform” until April’s upgrades allowed it to dodge the bullet. The report describes the threat as having been an “open secret,” noting it was once publicly disclosed by mistake. Following the implementation of the Berlin hard fork, the foundation estimates the threat is low enough to warrant full disclosure at this time, stating:
“It’s important that the community is given a chance to understand the reasoning behind changes that negatively affect the user experience, such as raising gas costs and limiting refunds.”
The post details that Ethereum’s state consists of a patricia-merkle trie, conceptually likening new accounts on the Ethereum network to new leaves growing on a tree. With the growth of the Ethereum network, increases to gas costs have been implemented from October 2016 to protect against denial-of-service attacks, including the controversial Ethereum Improvement Proposal, or EIP-1884. In 2019, Ethereum security researchers Hubert Ritzdorf, Matthias Egli, and Daniel Perez teamed up to weaponize an exploit enabled by the recent upgrades, with the attack triggering random trie lookups that could “lead to blocktimes in the minute-range.” A report published that year stated that delays caused by the attack will become longer as Ethereum’s state grows, “which allows efficient DoS attacks against Ethereum.”
After various proposals from developers were rejected throughout 2020, Vitalik Buterin teamed up with Martin Swende to author EIP-2929 and EIP-2930 — upgrades that raised gas prices “only for things not already accessed” to prevent the attack. The EIPs were introduced alongside the Berlin upgrade on April 15, 2021. As such, the blog estimates the Berlin upgrade reduced the effectiveness of the exploit by 50 times.
Ethereum is not the only network to come clean about long-term vulnerabilities after implementing upgrades to protect against said exploits. In September 2020, crypto researchers Braydond Fuller and Javed Khan published a paper revealing a “high” severity vulnerability for layer-two solutions built on top of BTC such as the Lightning Network. Despite the vulnerability being introduced and the authors estimating 50% of Bitcoin nodes were exposed to the vector, the authors did not identify any attempts at exploiting the weakness.
Get cryptocurrency price predictions, forecasts with analysis and news right to your inbox.
© 2015-2021 Crypto-Rating.com
The usage of this website constitutes acceptance of the following legal information. Any contracts of financial instruments offered to conclude bear high risks and may result in the full loss of the deposited funds. Prior to making transactions one should get acquainted with the risks to which they relate. All the information featured on the website, including information about the cryptocurrencies and bitcoin is intended solely for informational purposes, is not a means of advertising them, and doesn't imply direct instructions for investing. Crypto Rating shall not be liable for any loss, including unlimited loss of funds, which may arise directly or indirectly from the usage of this information. The editorial staff of the website does not bear any responsibility whatsoever for the content of the comments or reviews made by the site users about cryptocurrencies. The entire responsibility for the contents rests with the authors. Reprint of the materials is available only with the permission of the editorial staff.