How Bad Is Ethereum’s Latest Geth Exploit?

By Prashant Jha
Published August 28, 2021 Updated August 28, 2021
Source: Coinscreed


Geth, also known as “Go Ethereum,” the Ethereum blockchain’s most popular software client, faced a major exploit against its older versions yesterday. The bug affected older versions of the Geth client, specifically v1.10.7 and earlier.

The exploit reportedly affected more than 50% of older Ethereum clients that had not updated to the latest hotfix, released by the Go Ethereum developers on August 24. As a result of the exploit, the Ethereum blockchain underwent an unplanned hard fork, splitting the blockchain in two. 74% of the clients use Geth, and of those 73% were on the older version, which means a whopping 54% of Ethereum nodes are running with the bug.

The Go Ethereum team discovered the vulnerability on August 18 but did not reveal its nature, to keep others from exploiting the issue. Ethereum team lead Péter Szilágyi had said they would reveal the attack vector at a later date:

“The exact attack vector will be provided at a later date to give node operators and dependent downstream projects time to update their nodes and software,”

Although the Go Ethereum team did not reveal the nature of the vulnerability, it seems the attacker managed to figure it out and went on to attack older clients that had not applied the hotfix. The network asked everyone to upgrade to the latest version, but the data suggest only 30% of validators did so, which made the attack easier once the vulnerability was found.
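A node operator can check a fleet inventory against the affected range given above (v1.10.7 and earlier). The following is an added example, not code from the article or from the Go Ethereum project; it assumes client strings in the layout Geth reports via `web3_clientVersion`, and the function names and sample inventory are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// Last affected release per the article ("v1.10.7 and earlier").
var lastAffected = [3]int{1, 10, 7}
// Geth client string; the optional segment is an operator-set node identity.
var gethRe = regexp.MustCompile(`^Geth/(?:[^/]+/)?v(\d+)\.(\d+)\.(\d+)`)

// IsAffected reports whether client is a Geth build at or below lastAffected.
// Fields are compared as numbers, so v1.9.25 correctly sorts below v1.10.7.
func IsAffected(client string) bool {
	m := gethRe.FindStringSubmatch(client)
	if m == nil {
		return false // other client or unparsable string
	}
	for i, want := range lastAffected {
		if got, _ := strconv.Atoi(m[i+1]); got != want {
			return got < want
		}
	}
	return true // exactly v1.10.7
}

// Audit returns the inventory entries that still need the update.
func Audit(clients []string) (affected []string) {
	for _, c := range clients {
		if IsAffected(c) {
			affected = append(affected, c)
		}
	}
	return affected
}

// Constructed inventory for illustration, not real node data.
var sample = []string{
	"Geth/v1.10.8-stable/linux-amd64/go1.16",
	"Geth/v1.10.7-stable/linux-amd64/go1.16",
	"Geth/v1.9.25-stable/linux-amd64/go1.15",
	"Geth/validator-3/v1.10.6-stable/linux-amd64/go1.16",
	"Nethermind/v1.10.5/linux-x64",
}

func main() {
	fmt.Println(len(Audit(sample)), "of", len(sample), "nodes need the update")
}
```

A plain string comparison of version numbers would miss the v1.9.25 node, and a check that ignores the client name would wrongly flag the non-Geth entry.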

What was the Nature of the Attack and How Does it Impact Ethereum Blockchain?

The plan to make people aware of the bug in advance failed miserably, as it was only a matter of time before someone identified the problem. The Ethereum developers believe the plan failed, but more so because node validators did not update to the patched version in time. The attacker managed to commit changes to a precompiled contract by adding a change to the same memory location as a function.

A Twitter user who goes by the name of “Good Guy Biker – Vancouver BC Canada” gave a complete breakdown of the exploit and explained the nature of the attack. As a result of the vulnerability, the Ethereum network was running two chains simultaneously, and if the bad one had not been discarded in time it could have led to a double-spend or 51% attack, since a majority of validators had not updated their clients.

This is not the first time the Ethereum network has faced a chain split due to a vulnerability in an older version of the Geth client. In November, a similar issue led to another chain split as validators failed to upgrade. Talking about the pre-announcement, an Ethereum developer said:

“Last time we did a hotfix, people were angry that we didn’t announce it. This time we decided to try it differently. Let’s see which works better,”
