Ethereum clients that are not upgraded to fix known vulnerabilities are a threat to the entire network, according to a new study by the Berlin-based Security Research Labs.
Blockchain technology assumes that participants take rational actions. Among all blockchain users: https://t.co/oBWTudCqZR #blockchain #cryptocurrency #ethereum #SRLabs #patchgap #patching #research
– Security Research Labs (@SecReLabs) May 17, 2019
Using data from ethernodes.org, the analysts found that a large number of nodes running the two most popular clients, Parity and Geth, had not been updated for a long time after official patches were released, and therefore remained vulnerable to attack.
As an example, Security Research Labs cites a vulnerability it discovered in the Parity client in February: it allows an attacker to remotely disrupt the operation of nodes.
“According to the data received, by now only two thirds of the nodes have been patched. Soon after we reported the vulnerability, Parity issued a warning about a security breach, urging participants to upgrade the nodes,” the researchers write.
They also point to another patch, released on March 2, which 30% of Parity nodes had not installed. A further 7% of Parity clients still run a version exposed to a critical consensus vulnerability, even though the necessary upgrade was released in July last year.
The analysts note that although Parity clients can be updated automatically, the process is fairly involved and not all nodes support it.
The situation is worse for Geth clients, which have no auto-update feature at all.
“About 44% of Geth nodes visible on ethernodes.org use versions below v.1.8.20, which are critical from the point of view of updates,” say representatives of Security Research Labs.
By leaving so many nodes open to attack, the researchers argue, their owners endanger the entire Ethereum network, including making it more vulnerable to 51% attacks.
As a remedy, Security Research Labs proposes that automatic updates be built into all node software by default. Another possible measure, alongside raising awareness among network participants, is greater network decentralization by reducing the concentration of hashrate among miners, although this will not be easy.
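The check the study describes, namely classifying each node by client and version and measuring what share of each client population is below a known safe version, can be scripted against the client identifier strings that nodes advertise. The following is an added example, not code from Security Research Labs or ethernodes.org. The Geth threshold v1.8.20 is the one cited in the article; the Parity threshold and the sample node list are constructed assumptions for illustration only.

```python
import re

# Minimum version considered patched, per client.
# Geth v1.8.20 is the threshold cited by Security Research Labs.
# The Parity-Ethereum value is an ASSUMED placeholder, not from the study.
MIN_SAFE_VERSION = {
    "Geth": (1, 8, 20),
    "Parity-Ethereum": (2, 2, 0),  # assumption for illustration
}

# Client identifiers look like "<Client>/v<major>.<minor>.<patch>-<build>/<platform>/<compiler>".
CLIENT_ID_RE = re.compile(
    r"^(?P<client>[A-Za-z][A-Za-z-]*)/v(?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)"
)


def parse_client_id(client_id):
    """Return (client_name, (major, minor, patch)) or None if unparseable."""
    m = CLIENT_ID_RE.match(client_id)
    if m is None:
        return None
    version = (int(m.group("major")), int(m.group("minor")), int(m.group("patch")))
    return m.group("client"), version


def is_outdated(client_name, version):
    """True when the client is tracked and its version is below the safe threshold."""
    threshold = MIN_SAFE_VERSION.get(client_name)
    return threshold is not None and version < threshold


def patch_gap(client_ids):
    """Count total and outdated nodes per tracked client and compute the outdated share."""
    stats = {name: {"total": 0, "outdated": 0} for name in MIN_SAFE_VERSION}
    for client_id in client_ids:
        parsed = parse_client_id(client_id)
        if parsed is None:
            continue  # malformed identifier, skipped
        name, version = parsed
        if name not in stats:
            continue  # client we have no threshold for
        stats[name]["total"] += 1
        if is_outdated(name, version):
            stats[name]["outdated"] += 1
    for s in stats.values():
        s["share_outdated"] = s["outdated"] / s["total"] if s["total"] else 0.0
    return stats


# Constructed sample data; build hashes and platforms are made up.
SAMPLE_NODES = [
    "Geth/v1.8.27-stable-00000000/linux-amd64/go1.11.5",
    "Geth/v1.8.20-stable-00000000/linux-amd64/go1.11.4",
    "Geth/v1.8.19-stable-00000000/linux-amd64/go1.11.2",
    "Geth/v1.8.11-stable-00000000/linux-amd64/go1.10.3",
    "Parity-Ethereum/v2.4.5-stable-0000000/x86_64-linux-gnu/rustc1.34.1",
    "Parity-Ethereum/v2.3.9-stable-0000000/x86_64-linux-gnu/rustc1.34.1",
    "Parity-Ethereum/v2.1.3-beta-0000000/x86_64-linux-gnu/rustc1.30.0",
    "Nethermind/v1.0.0",  # not tracked, ignored
    "garbage",            # malformed, ignored
]

if __name__ == "__main__":
    for name, s in patch_gap(SAMPLE_NODES).items():
        print(f"{name}: {s['outdated']}/{s['total']} outdated ({s['share_outdated']:.0%})")
```

Version strings are compared as integer tuples rather than as text, so v1.8.9 correctly sorts below v1.8.20; a naive string comparison would get that wrong. Pre-release suffixes such as "-beta" are deliberately ignored here, since the threshold is about the base version that carries the fix.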
Recall that in March, BitMEX's research division launched nodestats, an analytical resource that collects information on the various software implementations for the Ethereum network and compares their performance. At the same time, BitMEX launched a full node based on the Parity client and encountered certain problems with it.
BlockchainJournal.news