It seems like a bug in older versions of Ethereum (ETH) Geth client, namely versions v1.10.07 and earlier, has caused a split.
“Fork between latest geth and older geth on mainnet. Stay away from doing txs for awhile till confirmed, unless you are sure you are submitting to latest geth,” tweeted Yearn Finance Founder Andre Cronje, advising: “Go for a walk outside, we all need it.”
A client is a software used to run nodes, and users download and utilise it to verify transactions on the network. Clients keep the network safe and the data accurate.
Per ethernodes.org, Geth is the most popular Ethereum client that accounts for 74.63% of the network nodes. Out of these, over 72% of Geth nodes are running older versions of the client, meaning that the bug may affect approximately 54% of Ethereum nodes. An address has also been identified by The Block Research as the address that exploited the bug.
According to Ethereum core developer Tim Beiko, Flexpool, BTC.com, and Binance pools “seem to be have been mining on the wrong Geth version.” The former seems to have been the one to report the issue, while developers are “getting in touch with the two latter ones,” said Beiko.
The bug may lead to double spend exploits where users spend cryptocurrency but the transaction is overwritten on an alternative chain.
However, Martin Swende, Security Lead at the Ethereum Foundation, said that “most miners were already updated, and the correct chain is also the longest (canon).”
Swende added that the “experiment with public announcements for hotfixes” was “successful in so far as most miners had upgraded in time — so the canon chain became longer than the bad chain.”
Meanwhile, Polygon (previously – Matic Network) said that most most validators have already upgraded to the latest Geth/Bor version on the Polygon PoS (proof-of-stake) mainnet. “The team is monitoring the network for now,” they said.
For the node upgrade details on Bor on Polygon PoS, please refer https://t.co/IxWDlgp7or
— Polygon (@0xPolygon) August 27, 2021
The bug was initially discovered sometime prior to August 24, 2021, and was immediately shared and acknowledged by the Go Ethereum team. Sentnl, the team who discovered the bug during Telos EVM audit, said that the bug was “of a high severity” and demanded an “emergency hot patch.”
Go Ethereum developers then released a patch on August 24 but it works only for those who have since updated their nodes. The developers confirmed it today again:
__
The @go_ethereum team did not only fix a bug for #Ethereum but also for the so-called Ethereum killers.
None of them will ask their users to upgrade their nodes though.:thinking_face:
PS: Upgrade your Geth nodes to 1.10.8! :raised_hands:https://t.co/n2LHAr09dA
— Bitfly (@etherchain_org) August 24, 2021
All Ethereum node runners are encouraged to update their Geth clients to v1.10.8.
At 15:23 UTC, ETH is trading at USD 3,248. It’s up 4.3% in a day and 3.3% in a week.
More reactions:
__
It seems that someone found the bug we fixed in @go_ethereum v1.10.8 and exploited it causing all geth nodes with earlier versions to split from the network. If you are running v1.10.7 or earlier please update!!!
— MariusVanDerWijden (@vdWijden) August 27, 2021
__
__
Not serious for ethereum. The majority of miners are on the updated geth that is not exploitable and longest chain is operating as expected.
For other chains that have forked versions of geth, things could get weird https://t.co/1xfYkxo5lR
— Adam Tyree Finch (@atyreefinch) August 27, 2021
____
Learn more:
– Disclosed: Ethereum ‘Lived’ With a Major Threat for 18 Months
– Crypto Bug Hunting by Zcash, EOS, Tron, and a Backdoored Coin
– EIP-1559 Three Weeks Later: ETH 100,000 Burned, Supply Grows
– Ethereum’s MEV Vulnerability To Be ‘Less of a Problem’ – Buterin
– Vitalik Buterin Not Sure ‘When ETH 2.0’ but Says Clients Can Launch it Alone
– Ethereum 2.0 Multi-Client Testnet Medalla Up 30% in Active Validators
Credit: Source link