Another vulnerability

discovered in the Constantinople update for the Ethereum blockchain

The Ethereum development team (ETH) has announced the discovery of a new vulnerability in the fork code Constantinople, which is scheduled for February 27.

The detected error can create risks for the self-destruction of smart contracts . User funds can be stolen after the Create2 function replaces the liquidated smart contract and changes the functioning mechanism.

Initially, the software update network broadcast was to be held in January. However, due to the discovery of a critical vulnerability in the hard forks code, it was decided to postpone the update to February 27 . The developers admitted that this error could lead to the loss of funds of users of the platform.

Representative of the Ethereum Foundation team Jason Carver stressed:

“The option of self-destruction of a smart contract does not in itself bear any risks for the platform, but after updating the software, attackers can use the code to steal tokens.”

Carver encouraged users to explore the self-destruct function of a smart contract in its code. If the option of eliminating without a sufficient period of activity is detected, the user should avoid interacting with the smart contract code.

Developers plan to give the Create2 solution an additional function to protect against replay.

The discovered vulnerability does not affect the hardfork date in any way, the developers stressed. The software update should be completed on February 28, it is designed to significantly improve the performance of the broadcast platform and the security of ETH transactions .

Publication date 13.02.2019
Share this material on social networks and leave your opinion in the comments below.