Home Metaverse Ethereum proof-of-stake shopper bug caught and patched with out incident

Ethereum proof-of-stake shopper bug caught and patched with out incident

by crpt os


Ethereum developers identified a bug within the Besu Ethereum client that could have led to “consensus failure in networks with multiple EVM implementations.”

Gary Schulte reported the issue to the Hyperledger GitHub repository and was found by Martin Holst Swende. It is understood that “no production networks have transactions that would trigger this failure.”

Bug identified during The Merge code review

Swende documented that he found the bug while “doing some #ethereum fuzzing in preparation for #TheMerge.” In response to a CryptoSlate journalist, Swende stated that users running a Besu node would have become stuck and “not able to follow the canon chain.” Further, any “besu-dominated network could have been stopped in it’s tracks.”

The Besu client is the second most popular client on the Ethereum network behind Geth. According to data available via ethernodes.org, The Besu client is used by 7.81% of Ethereum mainnet clients.

Vulnerable Besu client versions

Version 22.7.1 of the Besu client contains a fix to ensure “excess gas will not be allocated to inner transaction calls and correcting the excess gas errors.”

Versions earlier than 22.1.3 will also “prevent incorrect execution,” however, Ethereum mainnet requires other features only available in later versions. Client versions 22.4.0 to 22.7.0 are currently considered vulnerable to the gas bug.

As a result, Besu client users on the mainnet must upgrade to the patched version.

Impact and resolution

Danno Ferrin created a full write-up of the issue in a Hackmd article published Sept. 21. Ferrin’s analysis stated that

“A flaw in handling unsigned data as signed data a properly coded smart contract can create a function call that will return more gas than was passed in.”

Further technical information regarding the bug can be found in Ferrin’s post. However, the main takeaway is that the bug was resolved without any issue on the Ethereum mainnet. For a bad actor to maliciously exploit the bug, they would have had to act in a precise manner.

“In order to elevate this to a chain-halting bug a deliberately crafted call was needed, involving some interactions with the EIP-150 “all but one 64th” rule and reserving a portion of available gas for the calling contract.”

If the bug was not found, any chain with high participation from the Besu client could have experienced a smart contract “infinite loop” whereby the contract would “truly execute forever.”

Ferrin stated that fuzzing enabled the developers to identify and patch the bug without issue. Fuzzing is a method used by software developers “that involves providing invalid, unexpected, or random data as inputs to a computer program.”

“The biggest lesson demonstrated by this exploit is that the comparison of trace data in a fuzzing execution catches more bugs than simply comparing the end results.”

The excess gas bug became a non-event due to the diligence of Ethereum developers dedicating themselves to protecting the network. However, the potential harm it could have caused showcases the complexity behind executing the merge without issues.

The bug was patched in version 22.7.1 using “different conversion method that will “clamp” overflow values to the maximum expected values avoiding the signed translation issues.” Ferrin commented that users running nodes within the vulnerable range should update to the most recent version.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex