In the hardfork code Constantinople re-discovered the vulnerability

The developers of the Ethereum Foundation reported a new bug in the upcoming Constantinople network update. According to Trustnodes , the detected vulnerability affects some smart contracts with the possibility of self-destruction.

Thus, a function called Create2 can replace a self-destructed smart contract, simultaneously changing the rules specified in it, which could potentially lead to loss of funds.

“The self-destruction function does not carry additional risks in the current protocol version, however, after the update, the code can be used to steal all allocated tokens of the smart contract ,” said Jason Carver, developer of the Ethereum Foundation.

He recommended that users carefully study the smart contract code for the presence of a self-destruct function in it without a proper period of inactivity and in that case not interact with it.

Among the possible technical solutions to this problem, developers propose to register in the function Create2 additional protection against replay.

It is expected that the removal of the bug will not affect the date of activation of the hard forks of Constantinople, which should take place between February 26 and 28.

Recall that in the middle of last month, an upgrade on the Ethereum network was postponed due to the critical vulnerability in EIP-1283, which potentially allowed attackers to steal users' funds.

Subscribe to the BlockchainJournal news in Telegram: BlockchainJournal Live – the entire news feed, BlockchainJournal – the most important news and polls.