Home Ethereum Security alert [11/24/2016]: Consensus bug in geth v1.4.19 and v1.5.2

Security alert [11/24/2016]: Consensus bug in geth v1.4.19 and v1.5.2

by John Smith
0 comments


Security Alert

Affected configurations: Geth

Severity: High

Summary:  An issue has been identified with Geth’s journaling mechanism. This caused a network fork at block #2686351 (Nov-24-2016 14:12:07 UTC). The new Geth release 1.5.3 fixes the journaling issue and repairs the fork.

Details: Geth was failing to revert empty account deletions when the transaction causing the deletions of empty accounts ended with an an out-of-gas exception. An additional issue was found in Parity, where the Parity client incorrectly failed to revert empty account deletions in a more limited set of contexts involving out-of-gas calls to precompiled contracts; the new Geth behavior matches Parity’s, and empty accounts will cease to be a source of concern in general in about one week once the state clearing process finishes.

The chain that was created from block #2686351 by the old Geth client, which both Parity and the new Geth release consider invalid, seems to have been mostly abandoned around block #2686516, meaning that ~165 blocks were mined on the now abandoned chain. Transactions are broadcast across the network so most transactions are likely present on both the old Geth chain and the current chain, although mining rewards and transaction fees on the old Geth chain are lost. No transactions or blocks on the chain that both clients will now accept will be reverted.

The latest geth release will update the blockchain from the point of the fork, even if it has synced past the point of the fork.

Solution: Geth 1.5.3 was released.

If you are using Geth: Download the latest client here: https://github.com/ethereum/go-ethereum/releases/tag/v1.5.3

If you are using Mist: Restart Mist and the auto-update feature will prompt you to update the Geth client that Mist uses to geth 1.5.3.

If you do not update, please be aware you will be on an invalid chain that is not supported.

We continue to recommend that exchanges and other high-value users run multiple clients and automatically halt operations or otherwise enter safe mode if they go out of sync by more than ~10 blocks.

Ethereum websites and mobile applications that allow you to store ether and/or make transactions are run by third party web based or mobile Ethereum providers (“Third Party Providers”). Third Party Providers run their own Ethereum client infrastructure to facilitate their services. Generally, you do not need to do anything if you use a Third Party Provider such as MetaMask, Jaxx, and MyEtherWallet. However, they may have instructions for you. You should check with your Ethereum Third Party Provider to see what actions, if any, they are recommending for their users.

—————————–

DISCLAIMER
This is an emergent and evolving highly technical space. If you choose to participate, you should know there are many risks involved including but not limited to risks like unexpected bugs and other technical complications that could result in loss of ether and other consequences. In addition, if you do not update to Geth 1.5.3, you will be on an unsupported network. By choosing to use the Ethereum platform, you assume the risks of this emergent platform.



Source link

You may also like

Leave a Comment