Ethereum’s (ETH) upcoming Constantinople upgrade opens up vectors for reentrancy attacks, according to ChainSecurity, a smart contract auditing platform, in a Medium report on January 15, 2019. A reentrancy attack causes a particular function in a smart contract to be called several times before the first invocation has finished executing.
According to ETH’s wiki page, this may cause the different invocations of the function to interact in destructive and malicious ways. One example of a reentrancy attack is the 2016 DAO hack.
According to ChainSecurity, after the Constantinople upgrade the functions “address.transfer(...)” and “address.send(...)” are susceptible to attack in Solidity smart contracts. Using these functions, a malicious attacker can call an attack function on their own smart contract and drain other users’ ETH from the contract.
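The following toy Python model is an added illustration, not code from ChainSecurity or from the article. It shows why the small gas allowance forwarded by transfer()/send() stops being a reentrancy barrier once a storage write fits inside it, and how caching state before the external call removes the problem. The `Splitter` contract and the callback are hypothetical; the gas figures are the protocol's (2300 stipend, 700 call base cost, EIP-1283 storage pricing), not taken from the article.

```python
STIPEND = 2300   # gas that transfer()/send() forward to the recipient
CALL_GAS = 700   # base cost of the recipient calling back into the payer
# Gas to rewrite a storage slot already modified earlier in the same transaction:
# 5000 before the upgrade, 200 under EIP-1283 (protocol figures, not from the article).
SSTORE_GAS = {"pre-Constantinople": 5000, "Constantinople": 200}

class OutOfGas(Exception):
    pass

class Splitter:
    """Hypothetical toy contract: pays share% of a deposit to one party, the rest to another."""
    def __init__(self, rules, hardened):
        self.rules, self.hardened = rules, hardened
        self.share = 100      # storage slot the depositor may update
        self.deposit = 10     # the depositor's own funds
        self.balance = 20     # contract balance, 10 of it owed to another user
        self.paid = 0

    def set_share(self, value, gas):
        if gas < CALL_GAS + SSTORE_GAS[self.rules]:
            raise OutOfGas
        self.share = value

    def _transfer(self, amount, fallback):
        self.balance -= amount
        self.paid += amount
        fallback(self, STIPEND)   # recipient code runs with the stipend only

    def split_funds(self, fallback):
        snapshot = dict(self.__dict__)
        try:
            share = self.share
            self._transfer(self.deposit * share // 100, fallback)
            if not self.hardened:
                share = self.share   # vulnerable: storage re-read after the external call
            self._transfer(self.deposit * (100 - share) // 100, fallback)
        except OutOfGas:
            self.__dict__.update(snapshot)   # a failed transfer() reverts everything
        return self.paid

def reentrant_fallback(contract, gas):
    """Constructed recipient that re-enters the payer during the payment."""
    contract.set_share(0, gas)

def run(rules, hardened):
    return Splitter(rules, hardened).split_funds(reentrant_fallback)

if __name__ == "__main__":
    for rules in SSTORE_GAS:
        for hardened in (False, True):
            print(rules, "hardened" if hardened else "vulnerable", "paid out:", run(rules, hardened))
```

A payout above the 10-unit deposit means another user's funds left the contract; only the unhardened variant under the new gas pricing does this.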
ChainSecurity says that this is only viable when particular preconditions are fulfilled that would make a contract susceptible to attack. The company also states that it has yet to disclose smart contracts susceptible to attack.
Below is a clear example of the attack being conducted on the ETH Ropsten testnet.
Afri Schoedon, the release manager for Parity Technologies, says that his company is verifying the report, assessing its severity, and planning next steps, according to a Reddit post.
ETH’s Constantinople Upgrade Delayed
As a result, ETH’s long-awaited Constantinople upgrade has been suspended after a critical vulnerability was identified in one of the planned changes.
Read the details in the article of Coinidol dot com, the world blockchain news outlet:
https://coinidol.com/chainsecurity-reveals-ethereum-constantinople-upgrade/