Anticipated to occur on January 17, the long-awaited Ethereum’s Constantinople update has been delayed again. The cause is the recently found loophole in the code which would allow intruders to thieve people’s funds.
Crucial Vulnerability Postpones The Hard Fork
Earlier it was expected that Ethereum’s Constantinople upgrade would take place in mid-January, namely at approximately 04:00 UTC on January 17. However, a critical fragility in the project has been spotted.
As the smart contract audit firm ChainSecurity informed on January 15, Ethereum Improvement Proposal (EIP) 1283, should it be exercised, could let intruders get the advantage of a loophole. Thus, users’ money would be in danger.
The project’s core devs also agreed that fixing the bug might take more time than before January 17. All in all, they came to a conclusion after finding the «breach»: postpone the fork until the safety of users’ funds is guaranteed. Ethereum devs are going to assess the problem, at first.
As CoinDesk reports, the new date for the fork will be decided at the upcoming Ethereum dev call on January 18.
What Is The Matter With The Loophole?
The vulnerability, discussed by Ethereum’s founding father Vitalik Buterin, as well as such devs as Hudson Jameson, Nick Johnson, Evan Van Ness and others at the devs call, is labelled «a reentrancy attack.» This phenomenon allows an intruder to «reenter» the same function numerous times. Moreover, this may happen even without the user knowing what is happening.
Joanes Espanol, chief tech officer of DLT analytics firm Amberdata, recently explained to CoinDesk that such a loophole could let attackers withdraw users’ funds eternally.