Ethereum News, Technology

Parity Admits to “Critical” Vulnerability in Testnet That Could Corrupt Ethereum

Parity Admits to “Critical” Vulnerability in Testnet That Could Corrupt Ethereum

Users of Parity Ethereum were warned to update after a “critical” consensus issue was discovered — one that could potentially corrupt up to 30% of the world’s second most successful blockchain.

Reported in a security alert, UK-based Parity Technologies described a “potential consensus-related issue” on its Ropsten testnet:

“In the worst case, submitting a certain malformed transaction (coming from a 0xfff…fff address) to a mining Parity Ethereum node could have caused that node to produce a malformed block, which would still be treated as valid by other affected Parity Ethereum nodes.”

If the error remained unnoticed, users of the Parity Ethereum client would fall out of sync with the wider network — leading to rejected transactions and a chain split. According to the public record of Parity-based Ethereum nodes, this failure would affect nearly a third of the entire Ethereum network.

Now, all users must update to an amended version of the third-party Ethereum client — or they risk corrupting the Ethereum mainnet. Parity appealed to any entity using its software:

“Please update your nodes as soon as possible and then double check that you are running version 1.10.6-stable or 1.11.3-beta.”

Parity Under Fire Once Again

This is not the first time Parity admitted a critical failure. In 2017, the company’s MultiSig Wallet software recorded several multi-million dollar losses.

In the wake of a July 2017 hack for 150,000 ETH, the firm again caused “considerable stress and confusion” when it “accidentally” locked up users’ funds worth over $300 million.

Although Parity expressed deep remorse for the latter error, the failure seemingly could have been avoided. In a confession titled a “Postmortem,” Parity admitted to neglecting a warning of the vulnerability in August — nearly three months before the “MultiSig Library Self-Destruct”:

“In August, a Github contributor called “3esmit” recommended a code change that initWallet should be called when being deployed which at the time was considered a convenience enhancement.”

Parity’s latest blunder is now remedied. However, one may wonder how many misgivings users can tolerate before losing faith. As institutions and individuals are seduced with faster, more robust blockchains, the Ethereum Foundation may begin eliminating the weak links.

Cover Photo by Ricardo Gomez Angel on Unsplash

Disclaimer: Our writers' opinions are solely their own and do not reflect the opinion of CryptoSlate. None of the information you read on CryptoSlate should be taken as investment advice, nor does CryptoSlate endorse any project that may be mentioned or linked to in this article. Buying and trading cryptocurrencies should be considered a high-risk activity. Please do your own due diligence before taking any action related to content within this article. Finally, CryptoSlate takes no responsibility should you lose money trading cryptocurrencies.

Did you like this article? Join us.

Get blockchain news and crypto insights.

Join Us on Telegram
Author

Jonnie Emsley

Jonnie Emsley is a freelance writer and blockchain enthusiast based in Ho Chi Minh City, Vietnam. Discovering new corners of Southeast Asia and emerging cryptocurrencies give him a buzz like none other.

View author profile