Posted byMartin Swende on May 3rd, 2017.
A bug in the Solidity optimizer was reported through the Ethereum Foundation Bounty program, by Christoph Jentzsch. This bug is patched as of 2017-05-03, with the release of Solidity 0.4.11. Background The bug in question concerned how the optimizer optimizes on constants in the byte code. By “byte code constants”, we mean anything which is […]
Posted byHudson Jameson on December 19th, 2016.
On December 16, we were made aware that someone had recently gained unauthorized access to a database from forum.ethereum.org. We immediately launched a thorough investigation to determine the origin, nature, and scope of this incident. Here is what we know: The information that was recently accessed is a database backup from April 2016 and contained […]
Posted byVitalik Buterin on November 25th, 2016.
Security Alert Affected configurations: Geth Severity: High Summary: An issue has been identified with Geth’s journaling mechanism. This caused a network fork at block #2686351 (Nov-24-2016 14:12:07 UTC). The new Geth release 1.5.3 fixes the journaling issue and repairs the fork. Details: Geth was failing to revert empty account deletions when the transaction causing the […]
Posted byHudson Jameson on November 18th, 2016.
The Ethereum network will be undergoing a hard fork at block number 2,675,000, which will likely occur between 15:00 and 16:00 UTC on Tuesday, November 22, 2016. A countdown timer can be seen at https://fork.codetract.io/. The Morden test network will be undergoing a hard fork at block number 1,885,000. As a user, what do I […]
Posted byVitalik Buterin on October 31st, 2016.
One of the important indicators of how much load the Ethereum blockchain can safely handle is how the uncle rate responds to the gas usage of a transaction. In all blockchains of the Satoshian proof-of-work variety, any block that is published has the risk of howbecoming a “stale”, ie. not being part of the main […]
Posted byFabian Vogelsteller on October 27th, 2016.
Mist leaks some low level APIs, which Dapps could use to gain access to the computer’s file system and read/delete files. This would only affect you if you navigate to an untrusted Dapp that knows about these vulnerabilities and specifically tries to attack users. Upgrading Mist is highly recommended to prevent exposure to attacks. Affected configurations: All […]
Posted byHudson Jameson on October 18th, 2016.
The Ethereum network will be undergoing a hard fork at block number 2463000, which will likely occur between 12:00 and 13:00 UTC on Tuesday, October 18, 2016. A countdown timer can be seen at https://fork.codetract.io/. As a user, what do I need to do? Download the latest version of your Ethereum client: Latest version of […]
Posted byMartin Swende on October 13th, 2016.
During the last couple of weeks, the Ethereum network has been the target of a sustained attack. The attacker(s) have been very crafty in locating vulnerabilities in the client implementations as well as the protocol specification. While the recent patches have led to an overall increased resiliency in the client implementations, the attacks have also […]
Posted byFelix Lange on June 28th, 2016.
Affected configurations: geth 1.4.8 Likelihood: High Severity: High Details: An attack vector has been identified in the freshly released implementation of the DAO soft fork. The fork enactment code in geth (and other clients) allows execution of EVM code up to the block gas limit without paying for gas. This can slow down mining and prevent inclusion of […]