Parity Urges Users to Upgrade Ethereum Nodes Following Bug Discovery
Parity users have been told to upgrade their nodes after a vulnerability was discovered on February 3, 2019.
An attack on a blockchain is one of the most destabilizing things that could happen to a network, as can be seen with the 51 percent attack that took place on the Ethereum Classic network in January 2019. As such, Ethereum has taken great pains to make sure that their platform is secured.
On February 3, 2019, the management of Parity, an Ethereum client, discovered that public nodes are at risk of an attack.
“We received several reports that an attacker can send a specially-crafted RPC request to a public Parity Ethereum node,” the announcement says.
The vulnerable nodes are those running releases that came out before 2.2.9-stable and 2.3.2-beta. If attacked, those nodes will crash. Public Parity Ethereum nodes are those that serve JSONRPC as a public service; examples include Infura, MyEtherWallet, MyCrypto, and other publicly accessible pieces of infrastructure.
Not all nodes are vulnerable to such an attack; specifically, those that do not serve JSONRPC to third parties are not affected. The good news is that this is the default setting for most nodes. For those that are exposed to the bug, Parity has urged users to upgrade to 2.2.9-stable and 2.3.2-beta and left links for download.
“Please update your nodes to the newest version ASAP, especially if you’re running publicly-facing JSONRPC endpoints. Nodes with `--auto-update=all` flag set will receive the updates automatically,” the post read.
The vulnerability was brought to the attention of Parity by Kosala Hemachandra from MyEtherWallet as part of Parity’s Bug Bounty program, which rewards those who find and report possible bugs to the management of Parity.
The finding of this bug is critical as an attack on the nodes could affect a significant portion of the Ethereum node network. It was a similar problem that led to the postponement of the Ethereum Constantinople update after a bug was found.
The discovery of bugs in various blockchain systems, whether via bounties or by the developers themselves, helps to keep the blockchain ecosystem safer and less vulnerable to attack.