Ethereum core developers decided that they will delay the Ethereum Constantinople upgrade on the blockchain owing to security issues.
On January 15, the Ethereum community and its core developers were informed about a security issue related to the Constantinople upgrade on the network by ChainSecurity. Following the issue, the developers decided to delay the network upgrade. This is the second time Constantinople update is being delayed.
What Did Ethereum Say?
Ethereum was notified by ChainSecurity on January 15 that there were issues related to the Constantinople upgrade on the network. The team is looking into the vulnerabilities but decided to delay the fork “out of an abundance of caution.” The hard fork in the chain would have occurred today, January 16, if things went according to schedule.
Ethereum noted that Ethereum users do not need to take any actions but has asked the miners, exchanges and node operators to update their clients. The problem in the network is related to the Ethereum Improvement Proposal EIP-1283 which will make gas cost cheaper for the SSTORE operations on the network. Some smart contracts already operating on the chain may be vulnerable to reentrancy attack after the upgrade.
How Did Ethereum Make the Decision?
Ethereum notified that security researchers like TrailofBits and ChainSecurity ran an analysis on the entire blockchain and are still doing it. They did not find “any cases of this vulnerability in the wild. However, there is still a non-zero risk that some contracts could be affected.”
The Foundation noted that as the risk is non-zero and the amount of time, they would need to confidently determine the risk is higher than the time left for the planned upgrade, they would delay the upgrade. Earlier, the Constantinople hard work would have occurred at block 7,080,000 which was expected to take place on January 16.
Parties involved in deciding this included security researchers, Ethereum client developers, Ethereum stakeholders, smart contract owners and developers, node operators, wallet providers, dApp developers, and the media.