
A Constantinople postponement postmortem

by Matteo Leibowitz

January 16, 2019, 5:00PM EDT  ·  3 min read

Quick Take

  • Ethereum’s Constantinople network upgrade has been postponed after a vulnerability was discovered relating to EIP-1283
  • More than 80% of nodes are now running a non-Constantinople client
  • Core developers will convene on Friday to decide what the course of action will be
  • The vulnerability raises interesting questions regarding the extent and definition of Ethereum’s immutability

What happened?

Just one day before Ethereum’s Constantinople network upgrade was set to take place, ChainSecurity, a smart contract auditing service, disclosed an unintended consequence related to EIP-1283’s introduction of cheaper gas costs for SSTORE operations, which could open up existing contracts to reentrancy attacks.

While successfully exploiting the vulnerability is considered highly implausible, and ChainSecurity was unable to find any existing contracts that would be at risk, core developers, client developers, and other community stakeholders nevertheless decided that the upgrade should be postponed pending further testing and consideration.
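The gas-cost change described above can be made concrete with a short model, added here as an illustration and not taken from the article or from any Ethereum client. It compares the pre-Constantinople SSTORE price with EIP-1283's net gas metering and flags writes that newly fit inside the 2,300-gas stipend that Solidity's `transfer()`/`send()` forward; the constants come from the EIP-1283 specification rather than this page, refund counters and other opcode costs are left out, and the sample writes are constructed.

```python
# Gas constants from the EIP-1283 specification and the pre-Constantinople
# schedule (assumptions: none of these numbers appear in the article).
SSTORE_SET = 20000    # zero -> non-zero write
SSTORE_RESET = 5000   # any other write (legacy), or first change of a non-zero slot
SSTORE_DIRTY = 200    # EIP-1283: no-op, or slot already modified in this transaction
CALL_STIPEND = 2300   # gas forwarded by Solidity's transfer()/send()


def legacy_sstore_gas(current: int, new: int) -> int:
    """Pre-Constantinople cost: depends only on the current and new value."""
    return SSTORE_SET if current == 0 and new != 0 else SSTORE_RESET


def eip1283_sstore_gas(original: int, current: int, new: int) -> int:
    """EIP-1283 cost (refund counters omitted).

    original = value at the start of the transaction,
    current  = value just before this SSTORE, new = value being written.
    """
    if current == new:
        return SSTORE_DIRTY              # no-op write
    if original == current:              # slot still clean in this transaction
        return SSTORE_SET if original == 0 else SSTORE_RESET
    return SSTORE_DIRTY                  # slot already dirty: cheap write


def fits_in_stipend(gas_cost: int) -> bool:
    """True if a callee limited to the stipend could afford this write."""
    return gas_cost <= CALL_STIPEND


def audit_writes(writes):
    """Report, per (original, current, new) triple, whether the write becomes
    affordable to a stipend-limited callee only under EIP-1283."""
    report = []
    for original, current, new in writes:
        old = legacy_sstore_gas(current, new)
        net = eip1283_sstore_gas(original, current, new)
        report.append({"write": (original, current, new),
                       "legacy_gas": old, "eip1283_gas": net,
                       "newly_possible": fits_in_stipend(net) and not fits_in_stipend(old)})
    return report


# Constructed sample writes: clean slots first, then dirty or no-op cases.
SAMPLE = [(0, 0, 1), (1, 1, 2), (1, 2, 3), (1, 1, 1), (0, 1, 0)]
```

Contracts that treated the stipend as a guarantee that the recipient cannot change state are the ones affected by the rows marked `newly_possible`; a reentrancy lock or the checks-effects-interactions ordering does not depend on gas prices.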