Bug affects over 35% of Ethereum clients
A bug affecting older versions of a major Ethereum (ETH) client is causing these nodes to be separated from the main network. Despite a late fix to the Ethereum client “Geth”, a portion of validators failed to update to the latest version, causing a fork in the network.
According to Ethereum France’s definition, a node refers to software known as a “client”. A client is an implementation of Ethereum that verifies the transactions of each block, which ensures network security and data accuracy. Many client implementations exist on Ethereum. What they have in common is that they all follow a formal specification. This specification dictates how the network works.
Here, an unknown individual or group exploited a vulnerability affecting earlier versions of Geth, one of Ethereum’s software clients. As a result, Geth clients and Ethereum nodes running software v1.10.7 or earlier are at risk of separating from the network.
According to data from Ethernodes.org, 74.4% of all Ethereum nodes are running Geth, and only 47.4% of Geth clients are currently running v1.10.8, meaning that about 35.3% of all nodes on the network are potentially at risk.
Andre Cronje, founder of the Yearn.finance (YFI) protocol, said:
“Stay away from transactions for a while until they are confirmed, unless you are sure you are submitting to the latest version of Geth.”
What are the consequences?
While some of the nodes have separated from the network, it doesn’t seem to have had any major ramifications yet. It appears that the majority of miners are running updated versions of Ethereum, which means that the hash rate supports the longer chain.
As for nodes running older versions of Geth, they are effectively unable to access the main network. Therefore, while vulnerabilities are possible, the network appears to be stable for the time being.
Martin Swende, head of security at the Ethereum Foundation, explained:
“A consensus bug hit the Ethereum mainnet, exploiting the consensus bug that was fixed in geth v1.10.8. Fortunately, most miners were already updated, and the correct chain is also the longest.”
Ethereum lead developer Tim Beiko stepped in to say that 3 pools appear to have used the wrong version of Geth, including Flexpool, BTC.com and Binance. He said that Flexpool had originally reported the issue so he was aware of it, and that the developers were reaching out to the other two pools.
Has this type of situation ever happened before?
In April 2021, the second largest Ethereum client “Open Ethereum” suffered a bug that prevented clients from syncing with the network. This meant that nodes running this client were unable to use the blockchain until the error was fixed.
Furthermore, this is not the first time Ethereum has experienced a chain break due to clients running outdated versions of Geth. In November, the Ethereum network experienced a similar disruption after validators failed to upgrade to the latest version of Geth, version 1.10.X.
At the time, Geth developers said the event was due to a lack of communication about the urgency of the upgrade.
About the author: Florent David
Engaged in the crypto ecosystem since 2017. I am particularly interested in decentralized finance (DeFi), Ethereum 2.0 and non-fungible tokens (NFT).