During a video conference on Tuesday with the participation of Ethereum developers and other clients and projects working on the network, it was decided to temporarily postpone the activation of the hard forks.
The meeting was attended by Vitalik Buterin, developers Hudson Jameson, Nick Johnson and Evan van Ness, as well as release manager Parity Afri Shoedon. Discussing the revealed vulnerability, they agreed that it would be impossible to eliminate it before the appointed time for hard forks (around 04:00 UTC on January 17).
A vulnerability, called a re-entry attack, allows an attacker to repeatedly enter the same function and infinitely withdraw funds.
“Imagine that my contract has the function of calling another contract. If I’m a hacker and can run this function while the previous one is still running, I’ll get the option to withdraw funds, ”explained Joanes Espanol, CoinDesk analyst, CTO.
According to him, this is a lot like the vulnerabilities that were discovered in The DAO in the summer of 2016.
Recall that the activation of the second part of the Metropolis hard fork was originally scheduled for October at block No. 23230000, but the miners sabotaged the activation of Constantinople in the Ropsten test network – and it was shifted first for a few days, then for November and finally decided to postpone to mid-January.
New date hard fork not yet determined.