The core developers of Ethereum have called for a delay to the activation of Constantinople, just hours before the long-awaited hard fork was scheduled to go live on the third-largest cryptocurrency’s network.
In a statement, the Ethereum Core Developers and Ethereum Security Community said that they decided to postpone the hard fork after security researchers identified a potential vulnerability in one of the software upgrades. “Security researchers like ChainSecurity and TrailOfBits ran (and are still running) analysis across the entire blockchain. They did not find any cases of this vulnerability in the wild. However, there is still a non-zero risk that some contracts could be affected,” the statement read.
Because the risk is non-zero and the amount of time required to determine the risk with confidence is longer the amount of time available before the planned Constantinople upgrade, a decision was reached to postpone the fork out of an abundance of caution. According to the statement, that potential vulnerability stemmed from EIP-1283, which introduces a cheaper gas cost for SSTORE operations. Researchers believe that it’s possible that had EIP-1283 been activated, certain smart contracts that are already running on Ethereum could have become vulnerable to reentrancy attacks.