Bitcoin Forum
November 08, 2024, 02:26:00 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: The blockchain ecosystem has a patch problem  (Read 88 times)
vit05 (OP)
Hero Member
*****
Offline Offline

Activity: 672
Merit: 526



View Profile
May 21, 2019, 02:36:39 AM
 #1


Security Research Labs:   
 
Many Ethereum nodes running popular clients like Parity and Geth take months to apply security patches, which may leave the network vulnerable to 51% attacks

https://srlabs.de/bites/blockchain_patch_gap/

SRLabs research suggests that security vulnerabilities remain unpatched for many Ethereum blockchain participants for extended periods of time, putting the blockchain ecosystem at risk.

Crypto currencies provide a popular alternative to centralized payment systems, and promise transactions between mutually anonymous parties, often called “trustless” transactions. More specifically, blockchain participants rely on a majority of participants taking rational actions, rather than having to rely on a single banking institution or government. However, the required rational actions seem to extend beyond what many blockchain users are willing to do. In particular, we found early evidence that blockchain participants do not sufficiently patch and hence carry known vulnerabilities.

A month after its release, a critical security patch has not reached a third of Parity Ethereum nodes.

Ethereum is a cryptocurrency realized through a peer-to-peer network. With a market capitalization in excess of USD 19 billion, Ethereum is a highly attractive target for hackers.

Each participant needs a software client to access the Ethereum network: The most common choices are Parity-Ethereum (Parity) and Go-Ethereum (Geth).

Ethereum relies on high availability to prevent double spending. A hacker who controls more than 51% of the computational power in the network can double spend coins, enriching the hacker and undermining the trust in the ecosystem. If a hacker can crash a large number of nodes, controlling 51% of the network becomes easier. Hence, software crashes are a serious security concern for blockchain nodes (unlike in other pieces of software where the hacker does not usually benefit from a crash).

For that reason, denial of service vulnerabilities have a particularly high severity in cryptocurrency networks; they can be used to massively reduce the amount of computational power needed to perform a 51% attack and double-spend. Ethereum has to rely on the node software to be very hard to crash remotely. However, creating perfect software is near impossible and bugs that allow for remote crashes appear from time to time in blockchain clients.

Unpatched Parity Ethereum nodes can be remotely crashed. In February 2019, we reported a vulnerability in the Parity Ethereum client that could be used to remotely crash any Parity Ethereum node prior to version 2.2.10. The crash is caused by an integer overflow during chain synchronization between two nodes, which can be remotely triggered. Since every node accepts such connection requests to stay synchronized with the main network, the vulnerability allows an attacker to crash any unpatched Parity node active in the Ethereum network.


This is quite serious. In early versions of Bitcoin there was a kind of alert, which could be emitted by satoshi. Today, all blockchain are extremely dependent on scattered information. And many do not download the latest updated version.
lyks15
Full Member
***
Offline Offline

Activity: 546
Merit: 100



View Profile
May 21, 2019, 04:30:21 AM
 #2

I hope this will be fix very soon because many of us are all affected. I think this is part of their maintenace fixing and I hope there will be an additional security features will be added to this site.  Because according to the blog that I had read there is an 50% hacker who control in different account. Hope you have something to do in that problem.

▼                          NΛTURΛL8       MAKING POKER FUN AGAIN                        ▼
►          $500k Rush & Cash Monthly   |   200% First Deposit   |   $150k Short Deck Hold'em          ◄
▲          [   ● FACEBOOK   ]     Download The App Here     [     ● TWITTER     ]          ▲
rijaljun
Sr. Member
****
Offline Offline

Activity: 1274
Merit: 267



View Profile
May 21, 2019, 05:42:51 AM
 #3

Instead of just discovering this issue, is there any solution proposed to be implemented on ethereum system? I think ethereum developers or researchers should not stay silent and do nothing, they must think what is the best option to help this issue out. This is absolutely something serious to discuss and resolve.

█▀▀▀











█▄▄▄
.
1xBit.com  sports
▀▀▀█











▄▄▄█
███████████████████████████
████████▀▀       ▀▀████████
█████▀  ▄▄▄▀███▀▄▄▄  ▀█████
████  ▄█████▄ ▄█████▄  ████
███  █ █████▀ ▀█████ █  ███
██  ▄██ ▀▀▀▄███▄▀▀▀ ██▄  ██
██  █▀▄██ ███████ ██▄▀█  ██
██   █████ █████ █████   ██
███  █████▀▄▄▄▄▄▀█████  ███
████  ▀▄▄▄▀█████▀▄▄▄▀  ████
█████▄  ▀▀█ ███ █▀▀  ▄█████
████████▄▄       ▄▄████████
███████████████████████████
███████████████████
▀▀       ▀▀████████
 ▄▄  ▀  ▄▄   ▀█████
 ▀    ▀█████▄  ████
   ▀█▄   ▀▀██▄  ███
 █▄  ▀██▄▄  ▀█▄  ██
  ▀█▄  ▀███▄  ▀  ██
█  ▀██▄  ▀███▄   ██
██  ▀███▄  ▀█▀  ███
███  ▀████▄    ████
 ▀▀█▄  ▀▀▀   ▄█████
▄▄       ▄▄████████
███████████████████
███████████████████
███▀▀         ▀▀███
▀   ▄▄██▄  ▀█▄  ▀██
 ▄████████▄  ▀█  ██
██████▄▀  ██▄    ██
████▄▀  ▄▀████▄  ██
██▄▀  ▄▀██████  ▄██
▄▀  ▄▀███████  ▄███
█▄▄▀███████▀  ▄████
▀████████▀  ▄██████
  ▀██▀▀   ▄████████
      ▄▄███████████
███████████████████
1mBTC
x 3 WINNERS
BET
MULTIPLIERS
█▀▀▀











█▄▄▄
.
▀▀▀█











▄▄▄█
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!