The core developers of Ethereum recently announced that they decided to delay a highly anticipated network upgrade — also known as a hard fork — which is code-named Constantinople. They did this after researchers discovered a serious vulnerability in the upgrade.
What is Constantinople?
Constantinople is a collection of 5 separate proposals to improve Ethereum's software. It is called a hard fork because once the software has been upgraded it will not be backwardly compatible with older versions of the software. This means that all full-node operators of Ethereum must upgrade their software to the new version. These nodes are what validates transactions that come across the network.
Often hard forks of cryptocurrencies can be controversial. This happens because different factions of a cryptocurrency community disagree over a proposed upgrade. Sometimes this can lead to the formation of new currencies. This happened to Bitcoin, which is the most popular cryptocurrency in the world, when people disagreed over a hard fork that would fundamentally change the currency. Bitcoin Cash became a new currency functioning on the hard fork while Bitcoin itself continued using the old software. Ethereum, too, once split over a disagreement over a hard fork, into Ethereum and Ethereum Classic.
Constantinople, though, is not controversial. It consists of the following 5 Ethereum improvement proposals (EIPs):
Adds bitwise shifting operators to the Ethereum Virtual Machine and does so while adding a computational cost that is no more significant than any other arithmetic operation. This will allow the network to process information more efficiently and in a more cost-effective manner.
Creates a new opcode that will allow interactions on the network with addresses that are currently off-chain.
Creates a new opcode that will allow one smart contract to check the status of another smart contract's bytecode without returning the bytecode itself, which is a computationally expensive operation.
Reduces the reward for mining a block for the purpose of delaying what is called the difficulty bomb for another year. It also reduces the possibility that a miner could cause a chain spit as the network moves toward a proof-of-stake model.
Reduces excessive gas costs when using the SSTORE opcode by implementing gas metering changes. It also creates new uses for contract storage.
While all Ethereum nodes will have to upgrade to Constantinople, including those nodes operated by cryptocurrency exchanges, holders of the Ethereum currency will not have to do anything and will not be directly affected by the upgrade.
Why Constantinople Is Being Delayed
Constantinople was scheduled to go into effect at about 04:00 UTC on January 17. But, on January 15, ChainSecurity — which is a smart contract audit firm — reported that EIP 1283 could allow an attacker to steal currency by utilizing a so-called loophole in the software.
In response to this vulnerability, the core developers of Ethereum held a conference call along with developers of various Ethereum clients and other projects on the network. Those participating in the call included Vitalik Buterin, who is the creator of Ethereum, as well as software developers Nick Johnson, Hudson Jameson and Evan Van Ness. During this call, all parties agreed that it would take too long to fix the issue prior to the implmentation of the hard fork. So, they delayed rolling out Constantinople until they could properly assess the vulnerability.
The developers are scheduled to hold another conference call on January 18, at which time they will schedule a new date for implementing the hard fork.
The Nature of Constantinople's Vulnerability
Known as reentrancy attack, the vulnerability lets attackers "reenter" a function many times without a user's knowledge. Joanes Espanol, who is the CTO of a blockchain analytics company called Amberdata, said that someone could use this vulnerability to steal funds. This could happen when a smart contract executes a call to another smart contract. While waiting for the function to return, an attacker could trigger a function that withdraws funds.
Ironically, this vulnerability is similar to the Decentralized Autonomous Organization (DAO) attack that led to Ethereum splitting into two separate currencies.
News of the delay affected the price of Ether, which is the currency used on the Ethereum network. While other cryptocurrencies either rose or fell slightly on January 15, Ether fell more than 6% after the announcement and ended the day trading at around $120.
This is not the first time Constantinople has been delayed. It actually was scheduled to be implemented last year and was delayed when issues were found after implementing the changes on the Ropsten testnet.