Postponing the fork and switching to a new client, but these Ethereum miners seem to be unaware

On January 16, Ethereum developers issued a security warning aimed at delaying the Constantinople upgrade. However, not everyone has followed the developers’ advice, and some miners are still mining on the unofficial Constantinople chain and have not upgraded their clients.

The reason for the delay of this upgrade is that there is a vulnerability in a certain EIP (Ethereum Improvement Protocol) involved. To this end, the Ethereum team issued a public statement:

We are investigating all potential vulnerabilities and will provide updates in this blog post and across media channels.

Out of an abundance of caution, key stakeholders in the Ethereum community have decided that the best course of action is to postpone the Constantinople hard fork upgrade originally scheduled for block 7080,000 (approximately January 17, 2019, Beijing time).

To avoid violating consensus, users must install a new version of the client.

But it seems that not all miners are aware of this news. As of press time, at least 10TH/S of computing power is still mining on the unofficial chain.

This part of computing power even exceeds the computing power of the entire ETC network:

The vulnerability in this upgrade may cause fraud and is difficult to understand. In simple terms, the change in Ethereum storage charging method may trigger a round of attacks and increase the cost of creating dApps. "Reentrancy attack" specifically targets smart contracts and is different from replay attack or double spending. It is a difficult problem. ChainSecurity, which discovered the code vulnerability, explained:

For a contract to be vulnerable, certain preconditions must be met:

1. There must be a function A in which a transfer/send is followed by a state-changing operation. This is sometimes not obvious, such as a secondary transfer or interaction with another smart contract.

2. There must be a function B that is accessible to the attacker and that (a) changes state and (b) changes state in a way that conflicts with the state of function A.

3. Function B needs to execute in less than 1600 gas (2300 gas allowance - 700 gas for the call).

Although the vulnerability does not exist on the blockchain, a full investigation is still necessary to be on the safe side. The official Ethereum blog states:

Security researchers, like ChainSecurity and TrailOfBits, conducted (and are still conducting) analyses of the entire blockchain. While they did not find any cases in the wild that were affected by this vulnerability, there is still a non-zero risk that some contracts could be affected.

In a large decentralized network, it is understandable that information cannot be delivered to everyone in a timely manner. Bitcoin nodes are also active in different versions of clients. Currently, a few mining nodes are still mining on the Constantinople client, but unfortunately, they cannot obtain valid Ethereum in this process.