Last month, the Constantinople hard fork was expected to take place on 16 January 2019 (Wednesday) at block number 7,080,000. However, it was delayed due to a vulnerability found in Ethereum Improvement Proposal (EIP) 1283 that would allow a reentrancy attack. An official announcement addressing the postponement of the Constantinople hard fork was made on https://blog.ethereum.org.
The vulnerability was identified by ChainSecurity (a smart contract auditing firm) on 15 January 2019 (Tuesday), a day before the Constantinople hard fork was due to take place. ChainSecurity released an article on Medium highlighting a crucial vulnerability that would make existing contracts susceptible to a reentrancy attack. According to ChainSecurity, the implementation of EIP 1283 could create a loophole in the Ethereum network that attackers could use to steal users’ funds repeatedly. This attack is known as a “reentrancy attack”.
What is a Reentrancy Attack?
EIP 1283 aimed to introduce a cheaper cost of storage and to reduce excessive gas costs by simulating a secure treasury sharing service. Two parties can jointly receive the funds and decide on how to split the funds based on the agreed payout. Nonetheless, this upgrade would open the door to an unwanted reentrancy attack in which an attacker creates such a pair where both the first and second addresses belong to the attacker’s smart contracts. The code patterns are vulnerable because a smart contract may communicate with an external smart contract by “calling it”. If the external smart contract is malicious, the attacker may be able to take advantage of this and take over the control flow of the first smart contract. This allows the attacker to make unexpected changes to the first smart contract. The attacker may repeatedly withdraw Ether from the smart contract by “re-entering” at a particular spot in the code on more than one occasion without notifying users. Essentially, the attacker could steal funds from the network forever without ever being discovered.
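The shared-treasury interaction described above, as an added Python model (not code from this article, from ChainSecurity or from Ethereum). It shows why a cheaper storage write lets a recipient's callback change state in the middle of a payout, and how paying from a snapshot taken before any external call avoids the problem. The class and function names are hypothetical, and the gas figures are taken from the EVM gas schedule rather than from the article.

```python
# Toy model (constructed): gas figures come from the EVM gas schedule, not the article.
STIPEND = 2300      # gas a plain Ether transfer forwards to the recipient
CALL = 700          # cost for the recipient to call back into the treasury
SSTORE_OLD = 5000   # cheapest storage write before EIP 1283
SSTORE_1283 = 200   # EIP 1283 price for rewriting a slot already changed in this transaction

class OutOfGas(Exception):
    """Raised when the recipient's code needs more gas than the stipend."""

class Treasury:
    """Two-party payout driven by a stored split (percent owed to the first party)."""
    def __init__(self, sstore_cost, hardened, deposit=100, split=100):
        self.sstore_cost, self.hardened = sstore_cost, hardened
        self.deposit, self.split = deposit, split

    def update_split(self, percent, gas):
        # State-changing entry point reachable from a recipient's callback.
        if gas < CALL + self.sstore_cost:
            raise OutOfGas
        self.split = percent

    def pay_out(self, first, second):
        """Return total Ether paid; 0 means the whole transaction reverted."""
        try:
            if self.hardened:
                # Read state once, before any external call, and pay from that snapshot.
                a = self.deposit * self.split // 100
                b = self.deposit - a
                first(self, STIPEND)
                second(self, STIPEND)
            else:
                a = self.deposit * self.split // 100
                first(self, STIPEND)   # external call: control leaves the contract
                b = self.deposit * (100 - self.split) // 100  # re-reads state afterwards
                second(self, STIPEND)
            return a + b
        except OutOfGas:
            return 0

def honest(treasury, gas):
    pass  # plain account: accepts the payment and runs no code

def reentrant(treasury, gas):
    treasury.update_split(0, gas)  # changes shared state in the middle of the payout

def run(sstore_cost, hardened, first=reentrant):
    return Treasury(sstore_cost, hardened).pay_out(first, honest)
```

With the old storage price the callback runs out of gas and the payout reverts; with the EIP 1283 price the unhardened treasury pays out 200 against a deposit of 100, while the hardened one pays exactly 100.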
The Core Ethereum Devs came to a consensus that the Constantinople hard fork would be postponed until 28 February 2019 (Thursday), at approximately block number 7,280,000.
What are Constantinople and St. Petersburg hard forks?
Constantinople and St. Petersburg are the names given to the network upgrade this time. According to the latest official announcement made by Ethereum on 22 February 2019, the network upgrade has two names because the original Constantinople network upgrade was postponed and two protocol upgrades need to occur on the same block number in order to fix issues on various Ethereum test networks.
The first part of the network upgrade (the Constantinople hard fork) will include all five EIPs, including the buggy EIP 1283. In the second part of the network upgrade (St. Petersburg), EIP 1283 will be removed. This process ensures that any networks which have already implemented the complete Constantinople hard fork upgrade (with EIP 1283) will still be able to fix the buggy EIP 1283 without having to roll back any blocks.
Check out our last article here about Constantinople hard fork if you would like to learn more about the five EIPs that will be implemented in this network upgrade.