Major Bug in the Parity Ethereum Client Could Have Caused the Mainchain to Split
Another bug has been discovered in the Parity Ethereum client according to a blog post made by the developers on June 6, 2018. Reacting swiftly to the development, the technical staff have already released a patch and fixed binaries for users to download. The bug would result in nodes falling out of sync with the network.
Critical Vulnerability in Parity
The UK-based technology company went on to state that the bug could have caused a malformed block to be processed in the network, thereby splitting the mainchain.
The bug was discovered by the developer team on June 5, 2018, on Ropsten. Ropsten is a testnet used by Parity. It affected all nodes running Parity’s version 1.10.5 stable and 1.11.2 beta. Although the vulnerability was initially discovered on a testnet, the developers believed that it could be exploited on the mainnet as well.
According to the development team, if a node on the Ethereum network running Parity received a malformed transaction coming from a “0xfff…fff” address, the mining node would have produced an abnormal block. This malformed block would still be treated as authentic by other nodes running Parity.
Vulnerability Could Have Split the Mainchain
If the affected nodes controlled a majority of all mining power available on the network, most nodes would have validated the defective block. This would have created a split in the mainchain as most nodes would be forced to align with the new consensus rules.
Miners validate transactions and ensure all participants in the network follow consensus rules. The mainchain is the longest chain of blocks that goes back to the genesis block. Miners mine a new block of transactions every few minutes and add it to this chain.
The mainchain would split into two, with one chain containing all transactions until the bug was found and the second chain containing the newer transactions. Both chains would have a copy of all transactions from the genesis block until that point.
The affected nodes accepting the malformed transaction would result in honest nodes falling out of sync with the network. However, since only 30 percent of all Ethereum nodes use Parity to stay in sync with the network, there was almost no possibility that the bug could have split the mainchain. Nevertheless, the developers did not want to take any risk and patched it immediately.
All nodes using the Parity Ethereum Client must immediately update to version 1.10.6 stable or 1.11.3 beta to remain operational.
Parity and Bugs
Critical bugs and vulnerabilities have often been discovered in Parity. In fact, the frequency of these discoveries has called the reliability and safety of Parity itself into question.
A critical vulnerability triggered on November 6, 2017, paralyzed wallets created after July 20, 2018. It froze $280 million worth of ether, one third of which belonged to Parity founder Gavin Wood.