Ethereum network survives malicious attack, but raises serious security concerns
The Ethereum (ETH) blockchain survived what appeared to be an intentional attack on December 31, which reportedly came very close to bringing down the entire network. Liam Aharon, an Australia-based blockchain developer, confirmed that the attack exploited a software glitch in a widely-used Ethereum client, called Parity.
As noted by Sergio Demian Lerner, a cryptocurrency security consultant:
“The attack is simple: you send to a Parity node a block with invalid transactions, but valid header (borrowed from another block). The node will mark the block header as invalid and ban this block header forever but the header is still valid.”
George Pîrlea, a distributed systems expert, further explained:
“The attack consists of sending a block along with a header that doesn’t match the block. Parity verified the block, noticed it did not match the header, and then marked the *header* as bad. This means the real/correct body would never be downloaded.”
Aharon pointed out that the attack exploited a bug in the Parity client by “tricking” the vulnerable nodes. This was done by making them think that a valid block was invalid.
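A simplified simulation of the failure mode described above, written for this article as an added example (it is not Parity's or Geth's code). The node class, the peer names and the hash-based transaction commitment are constructed stand-ins for a real client's header/body validation; it contrasts a node that bans the header on a body mismatch with one that discards the body and penalises the sending peer instead.

```python
from __future__ import annotations
import hashlib
from dataclasses import dataclass

def sha(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def body_root(txs: list[str]) -> str:
    # Toy commitment to a block body (a real client uses a Merkle-Patricia trie root).
    return sha("|".join(txs).encode())

@dataclass(frozen=True)
class Header:
    number: int
    tx_root: str          # what the body's transactions must hash to

    def hash(self) -> str:
        return sha(f"{self.number}:{self.tx_root}".encode())

class Node:
    """Constructed model of a syncing node; 'vulnerable' reproduces the described bug."""
    def __init__(self, vulnerable: bool) -> None:
        self.vulnerable = vulnerable
        self.bad_headers: set[str] = set()   # header hashes this node refuses forever
        self.bad_peers: set[str] = set()     # peers penalised for sending bad bodies
        self.chain: dict[int, list[str]] = {}

    def import_block(self, peer: str, header: Header, txs: list[str]) -> str:
        if peer in self.bad_peers:
            return "rejected: peer banned"
        if header.hash() in self.bad_headers:
            return "rejected: header banned"
        if body_root(txs) != header.tx_root:
            if self.vulnerable:
                # The bug: the mismatch is blamed on the (valid) header, so the
                # correct body for this header can never be accepted later.
                self.bad_headers.add(header.hash())
                return "rejected: header marked bad"
            # Hardened behaviour: the header is fine; discard the body and
            # penalise whoever served it, leaving the header importable.
            self.bad_peers.add(peer)
            return "rejected: body mismatch, peer banned"
        self.chain[header.number] = txs
        return "imported"

def run_scenario(vulnerable: bool) -> tuple[str, str, bool]:
    """Bad body first from one peer, then the real body from another peer."""
    real_txs = ["tx-a", "tx-b"]
    header = Header(number=100, tx_root=body_root(real_txs))
    node = Node(vulnerable)
    first = node.import_block("peer-x", header, ["bogus-tx"])
    second = node.import_block("peer-y", header, real_txs)
    return first, second, 100 in node.chain
```

`run_scenario(True)` shows the vulnerable node stuck without block 100 even after the honest peer serves it; `run_scenario(False)` shows the hardened node importing it.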
Aharon mentioned that a significant number of Parity Ethereum nodes became unsynced with the Ethereum network. Although a software patch was released about 14 hours after the attack had been reported, there are still several Ethereum nodes that haven’t been updated, Aharon revealed.
This time, Aharon noted, the attack failed to bring down the Ethereum network because there’s another popular ETH client, called Geth, which is reportedly immune to this particular attack.
Aharon argued that if the Ethereum community did not have Geth, then the attack would have been quite serious.
He also said he’s concerned because Parity confirmed this month that they were planning to end support for the client, and were preparing to delegate maintenance to a distributed autonomous organization.
Aharon pointed out that maintaining a client is hard work, and that he’s worried that with fewer resources supporting Parity, the Ethereum community might only have Geth in 2020. He argued that if there was only one Ethereum client, then attacks similar to the one experienced on New Year’s Eve could potentially bring down the entire network, instead of only being inconvenient.
Aharon acknowledged that he doesn’t know what the best solution might be; however, as someone who regularly manages Ethereum infrastructure, he’s aware of the significant risk of relying on only one client.
A Twitter user pointed out that only around 20 percent of Ethereum nodes are currently running Parity, so the attack didn’t actually come close to taking down the network. He added that even if there were more Parity clients, then a Geth node could still be created in a few hours.
Responding to the user’s comments, Aharon asked what would happen if the attack affected Geth instead of Parity. Aharon also recommended having multiple Ethereum clients in order to survive such attacks in the future.