Author: Michael Johnson

ETH DEV would like to thank everyone for their participation in the Olympic test network, which helped us greatly in stress testing, optimization, and finding bugs in the Ethereum clients, as well as determining what the limits of the current Ethereum system are. To that end, we are pleased to announce the Olympic reward recipients. On top of the rewards announced below, every miner who mined a block in the Olympic chain with block number in the range [310000, 589999] is entitled to receive 0.5 ETH per block, and every miner who mined a block in the Olympic chain with…


An increasing number of proposed applications on top of Ethereum rely on some kind of incentivized, multi-party data provision – whether voting, random number collection, or other use cases where getting information from multiple parties to increase decentralization is highly desirable, but also where there is a strong risk of collusion. A RANDAO can certainly provide random numbers with much higher cryptoeconomic security than simple block hashes – and certainly better than deterministic algorithms with publicly knowable seeds, but it is not infinitely collusion-proof: if 100% of participants in a RANDAO collude with each other, they can set the result…


Insecurely configured Ethereum clients with no firewall and unlocked accounts can lead to funds being accessed remotely by attackers.
Affected configurations: Issue reported for Geth, though all implementations incl. C++ and Python can in principle display this behavior if used insecurely; only for nodes which leave the JSON-RPC port open to an attacker (this precludes most nodes on internal networks behind NAT), bind the interface to a public IP, and simultaneously leave accounts unlocked at startup.
Likelihood: Low
Severity: High
Impact: Loss of funds related to wallets imported or generated in clients
Details: It’s come to our attention that some…


Unfortunately we were not able to secure the venue for devcon one in London on the dates desired (October 5th-8th). As a consequence we are postponing the event until further notice. Please do not make travel plans at this time. Updates will be forthcoming on the devcon one website. Please stand by for further information.


State transition and consensus issue in geth client causes panic (crash) when processing a (valid) block with a specific combination of transactions, which may cause overall network instability if block is accepted and relayed by unaffected clients thus causing a DoS. This may happen in a block that contains transactions which suicide to the block reward address.
Affected configurations: Issue reported for Geth. While investigating the issue, related issues were discovered and corrected in pyethereum, hence pyethapp is also affected. C++ clients are unaffected.
Likelihood: Low
Severity: High
Complexity: High
Impact: Network Instability and DoS
Details: A block containing a specific…


Implementation bug in the go client leads to steady increase of difficulty independent of hashing power.
Affected configurations: All Go client versions v1.0.x, v1.1.x, release and develop branches. The bug was introduced in a recent update and release through commit https://github.com/ethereum/go-ethereum/commit/7324176f702a77fc331bf16a968d2eb4bccce021 which went into the affected client versions. All miners running earlier mentioned versions are affected and are advised to update as soon as possible.
Likelihood: High
Severity: Medium
Impact: Increase in block time will lead to an exponential increase in difficulty
Details: A bug in the go client leads to steady increase in difficulty in the following block, as…


To the wonderful Ethereum Community, You often heard me say at conferences that Ethereum was not a company, a foundation, an implementation, or an individual. Ethereum is both an idea and an ideal, encompassing the first censorship-resistant network built specifically to enable those who need it the most to safely trade, privately self-organise and freely communicate, rather than relying on the crippled walled garden handed out by the powers that be. Due to divergence in personal values, Eth/Dev and I have mutually decided to part ways. I of course intend to continue promoting the Ethereum ideals and bring about a…


Summary: Implementation bug in the go client may lead to invalid state
Affected client versions: Latest (unpatched) versions of Go client; v1.1.2, v1.0.4 tags and develop, master branches before September 9.
Likelihood: Low
Severity: High
Impact: High
Details: Go ethereum client does not correctly restore state of execution environment when a transaction goes out-of-gas if – within the same block – a contract was suicided. This would result in an invalid copy operation of the state object; flagging the contract as not deleted. This operation would cause a consensus issue between the other implementations.
Effects on expected chain…


One of the largest sources of confusion in the question of blockchain security is the precise effect of the block time. If one blockchain has a block time of 10 minutes, and the other has an estimated block time of 17 seconds, then what exactly does that mean? What is the equivalent of six confirmations on the 10-minute blockchain on the 17-second blockchain? Is blockchain security simply a matter of time, is it a matter of blocks, or a combination of both? What security properties do more complex schemes have? Note: this article will not go into depth on the…


We are happy to announce our very first developer-preview of the Ethereum Wallet ÐApp. The point of this release is to gather feedback, squash bugs and, most importantly, get the code audited. Please note that this is a developer-preview and not the final release. We advise you to be extremely careful putting large amounts of Ether in the wallet contracts. Using the wallet on the mainnet should only be done with small amounts! As Steve Ballmer once said: Developers! Developers! Developers! And note that this is exactly our target audience, don’t blindly trust us and we ask (and advise!)…
