Author: Michael Johnson
Insecurely configured Ethereum clients with no firewall and unlocked accounts can lead to funds being accessed remotely by attackers. Affected configurations: Issue reported for Geth, though all implementations incl. C++ and Python can in principle display this behavior if used insecurely; only for nodes which leave the JSON-RPC port open to an attacker (this precludes most nodes on internal networks behind NAT), bind the interface to a public IP, and simultaneously leave accounts unlocked at startup. Likelihood: Low Severity: High Impact: Loss of funds related to wallets imported or generated in clients Details: It’s come to our attention that some…
Unfortunately we were not able to secure the venue for devcon one in London on the dates desired (October 5th-8th). As a consequence we are postponing the event until further notice. Please do not make travel plans at this time. Updates will be forthcoming on the devcon one website …. Source link
State transition and consensus issue in geth client causes panic (crash) when processing a (valid) block with a specific combination of transactions, which may cause overall network instability if block is accepted and relayed by unaffected clients thus causing a DoS. This may happen in a block that contains transactions which suicide to the block reward address. Affected configurations: Issue reported for Geth.While investigating the issue, related issues were discovered and corrected in pyethereum, hence pyethapp is also affected. C++ clients are unaffected. Likelihood: Low Severity: High Complexity: High Impact: Network Instability and DoS Details: A block containing a specific…
Implementation bug in the go client leads to steady increase of difficulty independent of hashing power. Affected configurations: All Go client versions v1.0.x, v1.1.x, release and develop branches. The bug was introduced in a recent update and release through commit https://github.com/ethereum/go-ethereum/commit/7324176f702a77fc331bf16a968d2eb4bccce021 which went into the affected client versions. All miners running earlier mentioned versions are affected and are advised to update as soon as possible. Likelihood: High Severity: Medium Impact: Increase in block time will lead to an exponential increase in difficulty Details: A bug in the go client leads to steady increase in difficulty in the following block, as…
To the wonderful Ethereum Community, You often heard me say at conferences that Ethereum was not a company, a foundation, an implementation, or an individual. Ethereum is both an idea and an ideal, encompassing the first censorship-resistant network build specifically to enable those who need it the most to safely trade, privately self-organise and freely communicate, rather than relying on the crippled walled garden handed out by the powers that be. Due to divergence in personal values, Eth/Dev and I have mutually decided to part ways. I of course intend to continue promoting the Ethereum ideals and bring about a…
Summary: Implementation bug in the go client may lead to invalid state Affected client versions: Latest (unpatched) versions of Go client; v1.1.2, v1.0.4 tags and develop, master branches before September 9. Likelihood: Low Severity: High Impact: High Details: Go ethereum client does not correctly restore state of execution environment when a transaction goes out-of-gas if – within the same block – a contract was suicided. This would result in an invalid copy operation of the state object; flagging the contract as not deleted. This operation would cause a consensus issue between the other implementations. Effects on expected chain…
Ethereum (ETH) holds near $3,000 as institutions accumulate despite mixed short-term sentiment. Strong staking, wallet growth, and ETF inflows support Ethereum’s price floor. ERC-8004 could unlock AI-driven on-chain demand and long-term ETH value. Ethereum is entering a pivotal phase as price action, institutional flows, and protocol-level innovation begin to converge. After a volatile start to the year, ETH has reclaimed the $3,000 level, signalling renewed confidence among both traders and long-term holders. At the time of writing, Ethereum is trading near $3,010, with a market capitalisation of roughly $364 billion and a 24-hour trading range between $2,899 and $3,028. This…
One of the largest sources of confusion in the question of blockchain security is the precise effect of the block time. If one blockchain has a block time of 10 minutes, and the other has an estimated block time of 17 seconds, then what exactly does that mean? What is the equivalent of six confirmations on the 10-minute blockchain on the 17-second blockchain? Is blockchain security simply a matter of time, is it a matter of blocks, or a combination of both? What security properties do more complex schemes have? Note: this article will not go into depth on the…
We are happy to announce our very first developer-preview of the Ethereum Wallet ÐApp. The point of this release is to gather feedback, squash bugs and, most importantly, get the code audited. Please note that this is a developer-preview and not the final release. We advise you to be extremely careful putting large amount of Ether in the wallet contracts. Using the wallet on the mainnet should only be done with small amounts! As Steve Ballmer once said Developers! Developers! Developers! And note that this is exactly our target audience, don’t blindly trust us and we ask (and advise!)…
The foundation is currently in the phase of restructuring its communications activities. Several members of our current communications team in London are soon leaving or reducing their involvement in the Foundation in order to pursue for-profit ventures on top of the Ethereum ecosystem; we wish them the best of luck…. Source link