The old version of Ethereum client has a bug, but it will not cause a fork

Author | Qin Xiaofeng

Produced by | Odaily Planet Daily

According to The Block, there is a bug in the old version of Ethereum client, which may cause the Ethereum network to suffer a "double-spending attack" or even a fork. However, the actual situation may not be serious and no fork will occur.

It is understood that the bug first appeared in the Telos EVM audit (Note: Telos EVM is the Ethereum virtual machine version running on the Telos blockchain). Guido Vranken, the auditor of Sentnl who conducted the audit, discovered the bug, calling it a "high severity issue" and reported it to the Ethereum core developers. Three days ago (August 24), Ethereum developers released an update patch to fix the above vulnerability, as shown below:

Currently, the bug is mainly concentrated in Ethereum Geth v1.10.7 and earlier versions. "All Geth versions that support the London hard fork have vulnerabilities (the vulnerability is earlier than the London upgrade), so all users should update."

According to Ethernodes statistics, there are currently 2,858 nodes using these old versions, accounting for 54% of the total Ethereum nodes (5,289).

Although the proportion of unupdated nodes is relatively large, this does not mean that the Ethereum network may be subject to a double-spending attack. Because the longest Ethereum chain is currently secure, and as nodes are updated one after another, unless hackers can control more than 51% of the entire network's computing power, the attack will not occur and the network will not fork.

Martin Swende, head of security at the Ethereum Foundation, said on Twitter: “Today, a consensus vulnerability (exploiting the consensus vulnerability fixed in geth v1.10.8) hit the Ethereum mainnet. Fortunately, most miners have updated and the correct chain is the longest (canon).”

At present, the most important thing for nodes running the Geth client is to update to Geth v1.10.8; for ordinary Ethereum users, it is best not to perform any on-chain transactions and wait for the node to be upgraded.

Although Ethereum is safe, it may be affected for public chains/side chains compatible with Ethereum EVM. Yearn.Finance core developer @banteg issued a reminder: "This vulnerability can now be repeated on other networks, such as Polygon, BSC, xDAI, Görli. Be careful and try not to make any economically meaningful transactions before the problem is resolved."

Odaily Planet Daily will also continue to pay attention to the developments of the incident and update it as soon as possible.