Bug affects over 35% of Ethereum clients
A bug affecting older versions of a major Ethereum (ETH) client has caused nodes running them to split from the mainnet. Despite a late fix to the Ethereum client “Geth”, some validators did not update to the latest version, which caused a fork on the network.
According to Ethereum France’s definition, a node refers to software known as a “client”. A client is an Ethereum implementation that verifies the transactions of each block, ensuring network security and data accuracy. Many client implementations exist on Ethereum. What they have in common is that they all follow a formal specification. This specification dictates the operation of the network.
Here, an unknown individual or group exploited a vulnerability affecting earlier versions of Geth, one of Ethereum’s software clients. As a result, Geth clients and Ethereum nodes running software v1.10.7 or earlier may become separated from the network.
According to data from Ethernodes.org, 74.4% of all Ethereum nodes use Geth, and only 47.4% of Geth clients are currently using version 1.10.8, which means that about 35.3% of all network nodes are potentially at risk.
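As an added example (not part of the original article and not code from the Geth project), the following Python code audits an inventory of client version strings, in the format returned by the `web3_clientVersion` JSON-RPC method, and flags Geth nodes older than v1.10.8. The host names, build hashes and function names are assumptions made for illustration.

```python
import re

FIXED = (1, 10, 8)  # first Geth release carrying the fix, per the article

# Constructed sample inventory; hosts and build hashes are placeholders.
SAMPLE_INVENTORY = {
    "node-a": "Geth/v1.10.8-stable-00000000/linux-amd64/go1.16.7",
    "node-b": "Geth/v1.10.7-stable-00000000/linux-amd64/go1.16.6",
    "node-c": "Geth/v1.9.25-stable-00000000/linux-amd64/go1.15.6",
    "node-d": "OpenEthereum//v3.3.0-stable/x86_64-linux-gnu/rustc1.47.0",
    "node-e": "Geth/custom-build/linux-amd64/go1.16.7",
    "node-f": "Geth/pool-1/v1.10.6-stable-00000000/linux-amd64/go1.16.6",
}

_VERSION = re.compile(r"^v(\d+)\.(\d+)\.(\d+)")

def parse_geth_version(client_version):
    """Return (major, minor, patch) for Geth, None for any other client."""
    fields = client_version.split("/")
    if fields[0].lower() != "geth":
        return None
    # An operator-set identity may precede the version field, so scan for it.
    for field in fields[1:]:
        match = _VERSION.match(field)
        if match:
            return tuple(int(n) for n in match.groups())
    raise ValueError("no version field in %r" % client_version)

def classify(inventory):
    """Map each host to patched / outdated / not-geth / unknown."""
    report = {}
    for host, client_version in inventory.items():
        try:
            version = parse_geth_version(client_version)
        except ValueError:
            report[host] = "unknown"  # cannot prove it is patched
            continue
        if version is None:
            report[host] = "not-geth"
        elif version < FIXED:  # tuple compare: 1.9.25 sorts before 1.10.8
            report[host] = "outdated"
        else:
            report[host] = "patched"
    return report

def needs_attention(inventory):
    """Hosts to upgrade or inspect by hand, in sorted order."""
    flagged = ("outdated", "unknown")
    return sorted(h for h, s in classify(inventory).items() if s in flagged)

if __name__ == "__main__":
    for host, status in classify(SAMPLE_INVENTORY).items():
        print(host, status)
```

Comparing versions as integer tuples matters here: a plain string comparison would rank 1.9.25 above 1.10.8 and report that node as patched.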
Andre Cronje, founder of the Yearn.finance (YFI) protocol, said:
“Stay away from trades for a while until they are confirmed, unless you are sure you are on the latest version of Geth.”
What are the consequences?
Although some of the nodes have split off from the network, this does not yet appear to have had significant ramifications. It seems the majority of miners are running updated versions of Ethereum, which means the hash rate supports the longest chain.
As for nodes running older versions of Geth, they are effectively unable to access the mainnet. Therefore, although vulnerabilities are possible, the network appears to be stable at this time.
Martin Swende, head of security at the Ethereum Foundation, explained:
“A consensus bug hit the Ethereum mainnet, exploiting the consensus bug that was fixed in geth v1.10.8. Fortunately, most of the miners were already updated, and the correct string is also the longest.”
Ethereum lead developer Tim Beiko stepped in to say that 3 pools appear to have used the wrong version of Geth, including Flexpool, BTC.com and Binance. He said Flexpool originally reported the issue and was therefore aware of it, and the developers were contacting the other two pools.
Has this type of situation happened before?
In April 2021, Ethereum’s second largest client, “OpenEthereum”, suffered a bug that prevented clients from synchronizing with the network. This meant that the nodes running this client were unable to use the blockchain until the error was corrected.
Additionally, this is not the first time that Ethereum has experienced a break in the chain due to clients running outdated versions of Geth. In November, the Ethereum network experienced a similar disruption after validators failed to upgrade to the latest version of Geth, version 1.10.X.
At the time, the developers at Geth said the event was due to a lack of communication about the urgency of the upgrade.
About the author: Florent David
Engaged in the crypto ecosystem since 2017. I am particularly interested in decentralized finance (DeFi), Ethereum 2.0 and non-fungible tokens (NFT).