News Developers Fix Parity Ethereum Node Vulnerability, Urge All Node...

Developers Fix Parity Ethereum Node Vulnerability, Urge All Node Operators to Update


- Advertisment -

A bug found in the Parity node/wallet software threatened a considerable proportion of the Ethereum infrastructure. Fortunately, the company has already issued a patch to fix the vulnerability.

The issue was discovered on February 3rd when Parity received several reports that attackers were able to send a specially-crafted RPC request to public Parity Ethereum nodes.

“On February 3rd, we received several reports that an attacker can send a specially-crafted RPC request to a public Parity Ethereum node (any version pre 2.2.9-stable and pre 2.3.2-beta) and that node will crash,” the announcement read.

The bug had opened up an attack vector to allow nodes to be forced offline by potential attackers. If undiscovered, the attack could have threatened a sizeable portion of the Ethereum infrastructure.

It would appear that the only affected nodes were the ones synced up to the JSON-RPC public services like Infura, MyEtherWallet, and MyCrypto, however, all Parity node operators are encouraged to update to the latest upgrade.

According to Etherscan, Parity clients serve more than a quarter of the Ethereum nodes, specifically those that use public JSONRPC Ethereum service and operate some very important Ethereum apps, including Infura, MyEtherWallet, and MyCrypto.

Described as “the secret weapon of Ethereum infrastructure,” Infura alone provides connectivity to the Ethereum network for a number of key products and projects, such as Metamask, CryptoKitties, the 0x Protocol, and many others.

Much of the attention lately has been on the delay of Constantinople, Ethereum’s major update, caused by potential security issues. The vulnerability, identified by security audit company ChainSecurity on January 15, could potentially make some smart contracts on Ethereum vulnerable to a so-called “re-entrancy attack,” enabling an attacker to steal other people’s ETH.

There was confusion following the delay, as many Ethereum nodes that already upgraded were forced to downgrade back to the stable build. What’s more, Parity developer Afri Schodeon noticed that Ethereum’s “difficulty bomb” had been activated, which might cause problems before the Constantinople upgrade (scheduled for February 27) is finally activated.

Follow Bitnewsbot on Twitter and Facebook!

Source link


Please enter your comment!
Please enter your name here

Latest news

3 Beginner Friendly Ways to Make Money with Cryptocurrency 2020

In this article, we will explain how to make money with cryptocurrency in 2020. These methods are...

Blockchain, Bitcoin, and Mashed Potatoes

According to studies, over the next 5 years, many of the major supermarkets are expected to...

Different Facets of Biometric Authentication and How They Are Making A Difference in The Financial Sector

When we think of authentication in the true sense, then we find ourselves amid the different proven...

UNICEF’s 125 ETH Investment Took Less Than 20 Minutes and Cost Less Than $20

"The digital world is coming to us faster than we could have imagined," said UNICEF chief Chris...
- Advertisement -Developers Fix Parity Ethereum Node Vulnerability, Urge All Node Operators to Update

Analysis: Is Bitcoin (BTC) Still Viewed As A Dark Web Currency?

There is a long past of Bitcoin (BTC) – due to its anonymity – being used in...

A Beginner’s Guide to Day Trading Crypto

Much of the activity that comes from the crypto-space originates from the crypto-trading community. Buying and selling...

Must read

Blockchain, Bitcoin, and Mashed Potatoes

According to studies, over the next...
- Advertisement -

You might also likeRELATED
Recommended to you