by Joseph Young
The Ethereum network has experienced several high-severity issues over the past week that have, at times, weakened the overall security of the network. This is an overview of the recent Ethereum attacks and their impact on the network.
It all started with a security alert from the Ethereum Foundation, which stated explicitly that the network’s geth nodes had begun to crash due to an out-of-memory bug. The high-severity issue caused the Ethereum hashrate to drop by 50 percent before a solution was implemented.
Ethereum Classic remained unaffected. Ethereum developers immediately released an update as a short-term solution, but it failed to mitigate the damage caused by the geth node crash. Developers urged miners to switch to Parity, the other Ethereum client, so that their nodes would not be affected by the geth bug.
Four days later, the Ethereum network suffered an intense computational DDoS attack, which delayed miners and nodes in processing blocks. Jeffrey Wilcke, Ethereum co-founder and lead developer, released a statement explaining that the EXTCODESIZE opcode was being called roughly 50,000 times per block, causing a massive delay in the network.
“URGENT ALL MINERS: The network is under attack. The attack is a computational DDoS, ie. miners and nodes need to spend a very long time processing some blocks. This is due to the EXTCODESIZE opcode, which has a fairly low gas price but which requires nodes to read state information from disk,” wrote Wilcke.
Despite the urgency of the issue, the Ethereum Foundation told its users, miners, and developers that the ongoing DDoS attack is making the Ethereum network stronger, because the attacker is in effect making Ethereum more resilient to future attacks. The foundation emphasized that while the attack is causing delays in transactions and wallets, it is beneficial for the network in the long run.
“This attack is making Ethereum stronger. Even better, the attacker is paying into the ecosystem (by paying gas costs) to make Ethereum more resilient. Annoying short-term; big win in the long-term,” stated Evan Van Ness. This also suggests that the attack is philosophically and ideologically motivated, as the attacker is spending hundreds of dollars per day to sustain the offensive.
Vitalik Buterin also released a follow-up statement, hinting at a mid-term fix involving some low-level protocol changes and a replacement for levelDB. The Ethereum development team is planning to change the miner software to cut the gas limit target by a factor of two, while adding caches and altering some of the software's cache settings.
The Parity team, whose Parity nodes helped the Ethereum network and its miners get through a serious security and memory issue, is also building its own performance improvements to enhance the network’s security and efficiency.
“We are also exploring the option of replacing the levelDB database with something more performant and optimized for our use case, though such a change would not come soon. The Parity team is working on their own performance improvements,” said Buterin.
The Ethereum development team is actively trying to improve the security of the network and mitigate the damage caused by various bugs, attacks, and security issues. However, some users and experts are growing impatient with the delays in transactions and wallets, which significantly affect applications and platforms launched on the Ethereum network.
Nifty, and the attacker used one of the attacks to manipulate a crowdsale: https://t.co/84KmhZmPAb
— Peter Todd (@petertoddbtc) September 26, 2016
While it is still difficult to predict whether attacks will continue to affect the network, the Ethereum development team is collaborating with the Parity team and other organizations to improve the overall security and efficiency of the network.