On January 16, 2019, ChainSecurity, a smart contact audit firm, released the results of an audit carried out on the Constantinople Hard Fork which was found to be vulnerable to reentrancy attacks. The Hard Fork Launch has since been postponed.
The Various Possible attacks
According to the report published by ChainSecurity, there are a number of vulnerabilities on the Constantinople hard fork that leave it open to a possible ‘reentrancy attack’.
The news broke on the same day that the Ethereum Classic Team announced the formation of the ETC Core Labs team.
The report states that whilst the current Constantinople upgrade helps users by introducing lower transaction costs, it also means that reentrancy attacks are more likely and can be done through the use of certain ETH smart contract commands.
What Is A Reentrancy Attack?
It involves a malicious party stealing funds from a network and is achieved by an attacker repeatedly asking the network for funds while supplying false information about their ETH account balance.
This makes the reentrancy vulnerabilities a very serious matter that could stall the project to avoid funds going missing, especially in light of the recent 51 percent Attack on Ethereum Classic.
According to Afri Schoedon, the hard fork coordinator at Ethereum, the development team has been made aware of the threat.
In response to this new revelation, the management of Ethereum has scheduled an all-core-dev call for January 18, 2019, to decide what will be done about the issue.
Also, the launch of Constantinople has also been shifted from this week, with Schoedon saying, “We will decide (sic) further steps on Friday in the all-core-devs call. For now, it will not happen this week. Stay tuned for instructions.”
The Scheduled Launch
Before the vulnerabilities were discovered, the Constantinople hard fork was due to have been launched this week on January 16, 2019.
Ahead of the Now-postponed launch, Ethereum’s core developers had stated that the launch would be one of their least eventful ones, with one developer saying, “I really can’t imagine a less contentious hard fork, to be honest. Of all the hard forks in the history of Ethereum, it’s probably the least eventful one.”
The first trial of the Constantinople hard fork took place in October 2018 on the Ethereum public testnet Ropsten, and there were intentions to activate it on the main blockchain at the end of 2018. However, a few issues were encountered and a launch was then scheduled for January 16, 2019.
The shift of the launch date and the addressing of vulnerabilities means that there will likely be a reduction in the rewards of mining each block from 3 ETH to 2; this could potentially lead to a reduction in the inflation and volatility that is experienced with miners trying to sell off their ETH.