Ad
News
Parity admits to “critical” vulnerability in testnet that could corrupt Ethereum Parity admits to “critical” vulnerability in testnet that could corrupt Ethereum
🚨 This article is 7 years old...

Parity admits to “critical” vulnerability in testnet that could corrupt Ethereum

Parity admits to “critical” vulnerability in testnet that could corrupt Ethereum

Photo by Ricardo Gomez Angel on Unsplash

Join Japan's Web3 Evolution Today

Users of Parity Ethereum were warned to update after a “critical” consensus issue was discovered — one that could potentially corrupt up to 30% of the world’s second most successful blockchain.

Reported in a security alert, UK-based Parity Technologies described a “potential consensus-related issue” on its Ropsten testnet:

“In the worst case, submitting a certain malformed transaction (coming from a 0xfff…fff address) to a mining Parity Ethereum node could have caused that node to produce a malformed block, which would still be treated as valid by other affected Parity Ethereum nodes.”

If the error remained unnoticed, users of the Parity Ethereum client would fall out of sync with the wider network — leading to rejected transactions and a chain split. According to the public record of Parity-based Ethereum nodes, this failure would affect nearly a third of the entire Ethereum network.

Now, all users must update to an amended version of the third-party Ethereum client — or they risk corrupting the Ethereum mainnet. Parity appealed to any entity using its software:

“Please update your nodes as soon as possible and then double check that you are running version 1.10.6-stable or 1.11.3-beta.”

Parity Under Fire Once Again

This is not the first time Parity admitted a critical failure. In 2017, the company’s MultiSig Wallet software recorded several multi-million dollar losses.

In the wake of a July 2017 hack for 150,000 ETH, the firm again caused “considerable stress and confusion” when it “accidentally” locked up users’ funds worth over $300 million.

Although Parity expressed deep remorse for the latter error, the failure seemingly could have been avoided. In a confession titled a “Postmortem,” Parity admitted to neglecting a warning of the vulnerability in August — nearly three months before the “MultiSig Library Self-Destruct”:

“In August, a Github contributor called “3esmit” recommended a code change that initWallet should be called when being deployed which at the time was considered a convenience enhancement.”

Parity’s latest blunder is now remedied. However, one may wonder how many misgivings users can tolerate before losing faith. As institutions and individuals are seduced with faster, more robust blockchains, the Ethereum Foundation may begin eliminating the weak links.

Posted In: , Technology