Leading smart contract and decentralized applications (dApp) crypto-currency platform Ethereum has delayed its highly-anticipated hard-fork because of potential security vulnerabilities that were identified by smart contract audit organization ChainSecurity.
Ethereum was among the biggest losers of 2018’s bear market and by suffering a close-to 90% drop in value, lost its runner-up status to Bitcoin when, in November, Ethereum dropped to third place on the crypto market capitalization list, behind Ripple (XRP).
The network has been anticipating a series of five updates, known collectively as Constantinople, which will incorporate a sequence of Ethereum Improvement Proposals (EIPs) that will split the Ethereum blockchain into two. This would see a new version of the ETH coin superseding the old one, that will eventually fall out of use.
“Out of an abundance of caution, key stakeholders around the Ethereum community have determined that the best course of action will be to delay the planned Constantinople fork that would have occurred at block 7,080,000 on January 16, 2019,” the Ethereum team said in a blog post on January 15.
Ethereal went on to explain that “because the risk is non-zero and the amount of time required to determine the risk with confidence is longer the amount of time available before the planned Constantinople upgrade, a decision was reached to postpone the fork out of an abundance of caution.”
Another post, Medium post by Swiss-based ChainSecurity, said while it did not actually uncover vulnerable smart contracts, it was checking “decentralized exchanges which frequently call ether transfer functions to untrusted accounts followed by state changes afterwards [which] might be vulnerable.”
In slightly plainer language, Chain Security added, by way of explanation that the vulnerability was because “two parties can jointly receive funds, decide on how to split them, and receive a payout if they agree. An attacker will create such a pair … where the first address is the attacker contract … and the second address is any attacker account. For this pair the attacker will deposit some money,” so a hack is then made possible “within one transaction.”
Ethereum’s competitors, that include Tron, EOS, NEO and NEM, all offer smart contract and decentralized application platforms that have been seen by many in the industry as being more efficient. As such the platform improvements were supposed to be a big boost that would help Ethereum’s image among investors.
It’s not the first time Constantinople has been delayed. The upgrade was originally scheduled to go live in November 2018, but that time was postponed due to system bugs. News of the latest delay saw Ethereum’s price fall by just over 5%, before leveling off in late Asian trading on Thursday.
No new date has been fixed for the upgrade, although Ethereum developers could set one on a call this Friday.