Parity crypto service specialists have found a critical consensus bug in the Ethereum test network. The announcement of the discovery was released alongside a fix on the company’s blog page.
As noted by the service representatives, the issue caused users fall out of synchronization as they used the software and as a result other network members could not recognize their transactions. The vulnerability was discovered in the TestNet, but there is concern that it may spread to the main Ethereum network.
“In the worst case, submitting a certain malformed transaction (coming from a 0xfff...fff address) to a mining Parity Ethereum node could have caused that node to produce a malformed block, which would still be treated as valid by other affected Parity Ethereum nodes,” Parity said in it’s report.
Open sources suggest the error could affect up to 30% of Ethereum's network, which uses the Parity software. The company is now urging all users to update the software to the latest version.
The error is related to part of the code from the ethereum improvement proposal 86 (EIP), according to a Parity developer. He also claims that developers “missed a conditional check in our code that caused full node Parity to accept a block containing invalid transactions."
What meant to be be an upgrade to ethereum last year, the EIP 86 was aimed at adding an "account abstraction" system into the blockchain. It would allow for transactions to be processed without the need for a sender's signature.
Although the full update was delayed since it was deemed too convoluted, its code was still added to the Parity client most likely due to the upcoming plans to change up the transaction validating system for ethereum. That process is set to eradicate the bitcoin-style hardware-based mining for good.
By Ekaterina Ulyanova