Ethereum’s most popular software client, Geth, has issued a hotfix to a high-severity security issue in its code.
The release, titled Hades Gamma (v1.10.8), was posted to the Go Ethereum GitHub at 07:08 UTC Tuesday. Details of the attack vectors and their fixes weren't disclosed "to give node operators and dependent downstream projects time to update their nodes and software," according to a posting on the release page.
Ethernodes.org reports that nearly 75% of nodes on Ethereum run Geth. All these users are encouraged to upgrade immediately to the latest version of Geth, v.1.10.8.
Guido Vranken, a software developer who specializes in finding code vulnerabilities in open-source software, announced he discovered the bug on Aug. 18.
As stated in an early GitHub security advisory post, the vulnerability in Geth could cause a node to no longer be able to process blocks on Ethereum.
The last time a fix for a bug in Geth code was released, it caused a temporary chain split on Ethereum. Due to a deliberate lack of communication from Geth developers about the bug, several computers, also called “nodes,” did not upgrade their Geth client to the fixed implementation, which resulted in a blockchain consensus failure in November 2020.
The Geth developer team said in a post-mortem blog post at the time that not speaking publicly about the security vulnerability was aimed at delaying any potential attacks on node operators who needed more time to upgrade to the latest version.
This time around, Geth developers emphasized in advance the urgent need for all users of their software to upgrade to the latest version, but the initial announcement on Aug. 18 did not explicitly describe the nature of the vulnerability.
“Last time we did a hotfix, people were angry that we didn’t announce it. This time we decided to try it differently. Let’s see which works better,” tweeted Geth developer Péter Szilágyi about Tuesday’s code release.
Major Ethereum-based wallets and services such as Infura have publicly announced on Twitter their support for this new Geth release.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.
Learn more about Consensus 2023, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.