A critical bug was discovered in one of the two main Ethereum clients. As the developers of Parity reported in their blog, the bug could cause their client to fall out of sync with the rest of the network, whose members would stop accepting the transactions it relayed. Although the vulnerability was found in a test environment, it could also have been triggered on the Ethereum main network.
Parity encourages all users of its software to update as soon as possible.
According to data from the Ethereum network, the bug could affect approximately 30% of all clients, since this is the share that runs Parity software. As a company representative explained, the problem was fixed before it showed up on live Ethereum nodes.
Several companies, including Bitfly Mining Pool, reported that they have already switched to the updated version of the software (1.10.6-stable or 1.11.3-beta). However, the problem may still be present in other blockchains that use Parity software, for example Ethereum Classic (ETC).
In a conversation with CoinDesk, Parity developer Wei Tang said that the bug was in the code for the Ethereum Improvement Proposal EIP 86.
EIP 86 is intended to bring “account abstraction” to the blockchain, which will allow transactions to be performed without being signed by the sender. The update was not implemented because of its overall complexity, but Parity developers chose to add the corresponding code to their client in advance.
“We missed a condition check in the code, because of which full Parity nodes could accept a block containing incorrect transactions,” he explained.
Several such transactions were discovered on the Ropsten test network yesterday. Because they were not compatible with the Ethereum blockchain maintained by other network members, a fork occurred between the Parity and Geth clients.
Parity’s head of security Kirill Pimenov explained that in the worst case, such transactions could cause incorrect blocks to appear on the Ethereum main network. Other affected Parity clients would still consider those blocks valid, which in turn would lead to a split of the blockchain.