This episode is sponsored by and The Sun Exchange.
On Tuesday, May 18, the Ethereum Foundation published a blog post detailing a previously unknown attack vector on Ethereum where certain transactions could overwhelm the network and delay block production from a matter of seconds to minutes.
“It wasn’t a sort of classic security vulnerability in that nobody was going to get hacked,” said Edgington. “It was more a [Denial of Service] opportunity, a griefing attack. So there was potentially a way that the chain could be slowed down. Blocks would take much longer to produce and process than they ought to.”
According to the blog post, this security vulnerability was first discovered by Ethereum researchers Hubert Ritzdorf and Matthias Egli, who shared their findings with members of the Ethereum Foundation through the organization’s bug bounty program on Oct. 4, 2019.
For the six months that developers were working on a solution to the known threat, it was important to keep the work somewhat hidden from public view. The last thing developers wanted was for a potential attacker to find out about this security vulnerability and take advantage of it before a fix to the network was implemented.
While this may raise concerns about transparency and centralization, Kim notes that “no code is absolutely perfect.”
“These kinds of security vulnerabilities are unavoidable,” said Kim. “It’s just a matter of preparing for them by having these centralized players like the Ethereum Foundation to fund bug bounties and to have a known core development team … to keep [things] on the down low until they figure out a fix.”
For the full commentary about Ethereum development and ongoing progress for Ethereum 2.0, listen to this week’s episode of Mapping Out Eth 2.0.
Links mentioned in this podcast:
- What’s New In Eth2 (www.eth2.news)
- Valid Points (https://www.coindesk.com/newsletter/valid-points)
- Dodging a bullet: Ethereum State Problems (https://blog.ethereum.org/2021/05/18/eth_state_problems/)