On January 16, the network of the third-largest cryptocurrency by capitalization was supposed to activate the Constantinople upgrade. Less than a day before the long-awaited hard fork, however, the Ethereum team announced their decision to postpone the upgrade indefinitely. The reason was a critical vulnerability found in one of the scheduled updates. DeCenter reviewed the Constantinople hard fork plan and the reasons for its postponement.

Pentahedral Constantinople

The development of the Ethereum network has always involved a phased introduction of large-scale changes. Although the platform launched in July 2015, it only became fully operational in March 2016, when the Homestead protocol replaced the alpha version, the Frontier protocol. Next, the developers of the Ethereum Foundation proposed a large-scale software update called Metropolis. Since this update included global changes in the network, the team decided to divide Metropolis into two stages: Byzantium, which took place in October 2017, and Constantinople, scheduled for January 16 of this year, when the network reaches 7,080,000 blocks. It is noteworthy that the activation of Constantinople will be the last step before the launch of the Serenity upgrade, under which the entire network will move from PoW to PoS.

Ethereum network development roadmap. Source.

The Constantinople hard fork includes five large-scale proposals for improving network performance, or EIPs (Ethereum Improvement Proposals), each of which will facilitate a smoother transition to a new consensus algorithm:

EIP 145. The update was proposed by Alex Beregszaszi and Paweł Bylica in February 2017 and implies the introduction of native bitwise shifting instructions into the Ethereum Virtual Machine (EVM). Thus, data transmission over the network will be ten times faster, more efficient, and less expensive.

EIP 1014 is an update created by Vitalik Buterin in April 2018, the purpose of which is to provide a solution to the problem of scalability through the use of off-chain transactions. Thus, users can interact with addresses that are not yet in the blockchain.

EIP 1052. This upgrade was designed by Paweł Bylica and Nick Johnson in May of last year. It allows users to optimize the process of executing complex code in the Ethereum blockchain.

EIP 1234. In July 2018, the release manager of the main client of the Parity network, Afri Schoedon, proposed this update, under which the miners’ reward will be reduced from 3 to 2 Ethers and the launch of the “difficulty bomb” will be postponed for a year. The latter is a mechanism that makes producing new blocks harder over time, so that the network eventually becomes unsuitable for miners. This update is aimed at preparing the network for switching to the PoS algorithm and is a kind of protection against branching of the chain, as happened in the case of Ethereum Classic.

EIP 1283. This update was proposed by Wei Tang in August of last year and is intended to reduce gas costs. It was specifically designed for the Ethereum network developers, who will be able to use the new pricing method.

It is noteworthy that, of all the updates, EIP 1234 provokes the most heated discussion among members of the crypto community. The reason for this is the delayed activation of the “difficulty bomb,” which would make mining in the Ethereum network too long and complicated and, accordingly, unprofitable. The developers call this period the “Ethereum Ice Age”: all users will be forced to switch to a network that supports the new PoS consensus algorithm, and the old PoW chain will remain in a “frozen” state.

Historical and projected issuance rate in the Ethereum network. Note: for the Serenity stage, the data is not finalized yet. Source.

But since the network is not ready for a smooth transition to PoS, the development team decided to postpone the “difficulty bomb” and the “Ice Age” for 12 months. Afri Schoedon believes that this decision was “the best option to stabilize issuance in a delayed bomb scenario.”

What Is Wrong with Constantinople?

On the evening of January 15, CoinDesk announced the indefinite postponement of Constantinople. The reason was a critical vulnerability discovered by ChainSecurity, a company that audits smart contracts.

Earlier, ChainSecurity published evidence on its official blog that the activation of EIP 1283 would allow fraudsters to launch a reentrancy attack, in which hackers can withdraw user funds an infinite number of times. Joanes Espanol, CTO at the analytics firm Amberdata, explained that during the attack, the fraudsters would be able to use the functions of smart contracts to gain access to other people’s funds: “Imagine that my contract has a function which makes a call to another contract… If I’m a hacker and I’m able to trigger function a while the previous function was still executing, I might be able to withdraw funds.” In June 2016, a similar vulnerability was discovered in the decentralized fund The DAO, as a result of which the fraudsters managed to steal about $50 million.

Moreover, as noted by representatives of ChainSecurity, before Constantinople is activated, a data storage operation in the Ethereum network costs 5,000 gas, which is much higher than the 2,300 gas required to call a smart contract through the transfer and send functions. As part of the upgrade, “dirty” data storage operations will cost 200 units of gas. As a result, an attacker will be able to use the 2,300 units of gas to successfully manipulate the variables of other contracts.
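The gas arithmetic above can be seen in a toy model (an added example, not code from ChainSecurity or from any Ethereum client). The `SharedLedger` class, its `split` slot and the recipient callback are hypothetical; only the three gas figures come from the article. It shows why a nested storage write fails at the old price, succeeds at the EIP 1283 price, and is stopped by an explicit reentrancy lock at either price.

```python
# Toy gas model (constructed). Only the three gas figures come from the article.
CALL_GAS = 2300            # gas available to a callee reached via transfer/send
SSTORE_PRE_FORK = 5000     # storage write cost before Constantinople
SSTORE_DIRTY_1283 = 200    # "dirty" storage write cost under EIP 1283


class OutOfGas(Exception):
    """The callee ran out of gas; its frame reverts and changes nothing."""


class Reentered(Exception):
    """The reentrancy lock rejected a nested call."""


class SharedLedger:
    """Hypothetical contract that pays a recipient while mid-update."""

    def __init__(self, sstore_cost, use_lock=False):
        self.sstore_cost = sstore_cost
        self.use_lock = use_lock
        self.locked = False
        self.split = 50    # slot already written in this transaction ("dirty")

    def update_split(self, value, gas):
        if self.use_lock and self.locked:
            raise Reentered()
        if gas < self.sstore_cost:
            raise OutOfGas()
        self.split = value             # the storage write being priced

    def pay_out(self, recipient):
        self.locked = True
        try:
            recipient(self, CALL_GAS)  # external call with limited gas
        except (OutOfGas, Reentered):
            pass                       # callee failed; ledger state untouched
        finally:
            self.locked = False
        return self.split              # value the rest of pay_out would use


def reentering_recipient(ledger, gas):
    """Recipient whose fallback calls back into the ledger it was paid by."""
    ledger.update_split(100, gas)


def split_after_payout(sstore_cost, use_lock=False):
    return SharedLedger(sstore_cost, use_lock).pay_out(reentering_recipient)
```

A contract that relied on the limited call gas as its only barrier sees `split` change mid-payout once the write costs 200; one that holds its own lock does not depend on gas pricing at all.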

On the day ChainSecurity’s analysis was published, the key players of the Ethereum ecosystem held a video conference to see if they could fix the problem before launching the hard fork. Vitalik Buterin, Nick Johnson, Hudson Jameson, Evan van Ness, and Afri Schoedon participated in the meeting. The team decided to postpone Constantinople and to set a new network upgrade deadline by the end of the week.