On January 16, 2019, ChainSecurity, a smart contract audit firm, released the results of an audit carried out on the Constantinople Hard Fork, which was found to be vulnerable to reentrancy attacks. The Hard Fork launch has since been postponed.
The Various Possible Attacks
According to the report published by ChainSecurity, there are a number of vulnerabilities on the Constantinople hard fork that leave it open to a possible ‘reentrancy attack’.
The news broke on the same day that the Ethereum Classic Team announced the formation of the ETC Core Labs team.
The report states that whilst the current Constantinople upgrade helps users by introducing lower transaction costs, it also makes reentrancy attacks more likely, and these can be carried out through the use of certain ETH smart contract commands.
What Is A Reentrancy Attack?
A reentrancy attack involves a malicious party stealing funds from a network. It is achieved by an attacker repeatedly asking the network for funds while supplying false information about their ETH account balance.
This makes the reentrancy vulnerabilities a very serious matter, one that could stall the project in order to avoid funds going missing, especially in light of the recent 51 percent attack on Ethereum Classic.
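The pattern described above, as an added Python illustration that is not from ChainSecurity's report or the original article: a toy vault (all names and amounts are constructed, and this is not Ethereum code) pays out before updating the caller's recorded balance, so a callback that re-enters `withdraw` is paid again against the stale balance. The hardened variant records the debit first, which is the usual checks-effects-interactions ordering.

```python
# Added illustration: a toy ledger, not Ethereum code. All names are hypothetical.
class Vault:
    """Holds deposits; withdraw() pays out via a callback, like an external call."""

    def __init__(self, hardened):
        self.hardened = hardened
        self.balances = {}
        self.pool = 0

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.pool += amount

    def withdraw(self, who, receive):
        amount = self.balances.get(who, 0)
        if amount == 0 or self.pool < amount:
            return
        if self.hardened:
            # Checks-effects-interactions: record the debit before handing over control.
            self.balances[who] = 0
            self.pool -= amount
            receive(amount)
        else:
            # Vulnerable order: control leaves while the recorded balance is stale.
            self.pool -= amount
            receive(amount)
            self.balances[who] = 0


def simulate(hardened, reentries=3):
    """Return (amount received by the re-entering caller, funds left in the vault)."""
    vault = Vault(hardened)
    vault.deposit("other_users", 90)  # constructed sample values
    vault.deposit("caller", 10)
    received = []

    def on_receive(amount):
        received.append(amount)
        if len(received) <= reentries:
            vault.withdraw("caller", on_receive)  # re-enter before withdraw() returns

    vault.withdraw("caller", on_receive)
    return sum(received), vault.pool


if __name__ == "__main__":
    print("vulnerable:", simulate(hardened=False))
    print("hardened:  ", simulate(hardened=True))
```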
According to Afri Schoedon, the hard fork coordinator at Ethereum, the development team has been made aware of the threat.
In response to this new revelation, the management of Ethereum has scheduled an all-core-dev call for January 18, 2019, to decide what will be done about the issue.
The launch of Constantinople has also been shifted from this week, with Schoedon saying, “We will decide (sic) further steps on Friday in the all-core-devs call. For now, it will not happen this week.”