Another Vulnerability Was Found In Constantinople
In Constantinople update of Ethereum network was found another vulnerability in two weeks before hard fork. The developers claim the update will implement at the appointed time, but the ETH owners put on the opposite. Vulnerability incluides an affecting a limited number of smart contracts that could utilize self-destruct after the update.
The new feature called Create2 will be able to replace the self-destructing smart contract, thereby changing the rules, explained Jason Carver, developer of the Ethereum Foundation. This will steal all ERC20 pre-approved tokens for the contract.
In the current version of the protocol, the self-destruction function does not pose an additional danger, because the contract could be terminated. However, it will be possible to replace the smart contract with another code that will transmit approved tokens after the upgrade. In his opinion, to warn all potential victims before the update will fail. There are ways to circumvent such attacks, but most of them require an appropriate education.
“Definitely, this will not be possible to do before Constantinople,” he believes.
Probably the majority of survey participants are high-tech developers, but 76% of them are wrong. Adding that the chance to learn about the “self-destruct trick” to a non-developer is minimal.
According to the Afri Shedon, the vulnerability should not affect the hardfork date. However, when asked whether self-destructing smart contracts could steal user funds, “I would also like to know the answer.”
Meanwhile, on the platform for predicting events Augur, built on the Ethereum blockchain, you can bet on whether the Constantinople update will take place at the appointed time.
Recall that the next hardfork Ethereum was to be held on January 16, but was postponed due to critical vulnerability. Previously, the developers announced a new update date - it is activated on the block 7 280 000 or 7 290 000, presumably 27 January.