As everybody probably knows, a network upgrade on the Ethereum network, code-named Constantinople, is scheduled for block 7’080’000, which should be around January 17th, 2019. Following new communications from the Ethereum Foundation, the upgrade has been delayed because of security concerns.

According to the Ethereum team, the following important notices apply. Immediate actions are:

Node Operators

  • Upgrade Geth to 1.8.21
  • Upgrade Parity to 2.2.7 stable

This affects only miners, exchanges, and node operators.

Normal users

Users of Ledger, Trezor, Safe-T, Parity Signer, WallEth, paper wallets, MyCrypto, MyEtherWallet, and other users or token holders who do not participate in the network by syncing and running a node: you have nothing to do!

  • You do not have to do anything.

Contract owners

  • You do not have to do anything.
  • You may choose to examine the analysis of the potential vulnerability and check your contracts.
  • However, you do not have to do anything as the change that would introduce this potential vulnerability will not be enabled.

You should check the following:

  • EIP-1283 introduces cheaper gas cost for SSTORE operations
  • Some smart contracts (that are already on chain) may use code patterns that would make them vulnerable to a re-entrancy attack after the Constantinople upgrade takes place
  • These smart contracts would not have been vulnerable before the Constantinople upgrade

Contracts that are more likely to be vulnerable are those that use a transfer() or send() function followed by a state-changing operation. An example of such a contract would be one where two parties jointly receive funds, decide on how to split said funds, and initiate a payout of those funds.
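One way to act on the advice to check your contracts, as an added example (not code from the original post or from the Ethereum team): a heuristic Python scan that flags functions where a transfer() or send() call is followed by a state write. The Solidity sample and every name in it are constructed, and a match is only a prompt for manual review, since the check cannot tell local variables from storage.

```python
import re

# Constructed Solidity sample (not from the page): the same payout written two ways.
SAMPLE = """
contract SharedPayout {
    mapping(address => uint) deposits;
    function payoutRisky(address payable a, address payable b) public {
        uint half = deposits[msg.sender] / 2;
        a.transfer(half);
        b.transfer(half);
        deposits[msg.sender] = 0;   // state change after the external call
    }
    function payoutOrdered(address payable a, address payable b) public {
        uint half = deposits[msg.sender] / 2;
        deposits[msg.sender] = 0;   // state change before the external call
        a.transfer(half);
        b.transfer(half);
    }
}
"""

FUNC = re.compile(r"function\s+(\w+)[^{;]*\{")
CALL = re.compile(r"\.(transfer|send)\s*\(")
# Assignment to an existing name or slot, or a delete; "uint x = ..." declarations do not match.
WRITE = re.compile(r"^\s*(delete\s+\w|[\w.\[\]]+\s*[-+*/]?=(?!=))", re.M)

def function_bodies(src):
    """Yield (name, body) for each function, using brace matching."""
    for m in FUNC.finditer(src):
        depth, i = 1, m.end()
        while depth and i < len(src):
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            i += 1
        yield m.group(1), src[m.end():i - 1]

def flag_call_then_write(src):
    """Return [(function, call, statement)] where a write follows transfer()/send()."""
    src = re.sub(r"//[^\n]*", "", src)          # drop line comments
    findings = []
    for name, body in function_bodies(src):
        call = None
        for stmt in body.split(";"):
            if call and WRITE.search(stmt):
                findings.append((name, call, stmt.strip()))
                break
            hit = CALL.search(stmt)
            if hit:
                call = hit.group(1)
    return findings
```

Running `flag_call_then_write(SAMPLE)` reports only `payoutRisky`; `payoutOrdered` clears the balance before paying out, so it is not flagged.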

 

https://medium.com/chainsecurity/constantinople-enables-new-reentrancy-attack-ace4088297d9

 
