Ethereum clients that still haven't patched known vulnerabilities pose a security risk to the entire network, according to new research.
A report from Security Research Labs, based on ethernodes.org data, indicates that a large number of nodes running the most popular clients, Parity and Geth, have been left exposed for "extended periods of time" after patches for security flaws were released.
SRLabs says it reported a vulnerability in the Parity client in February that can open nodes up to being crashed remotely.
"According to our collected data, only two thirds of nodes have been patched so far. Shortly after we reported this vulnerability, Parity released a security alert, urging participants to update their nodes."
Another patch, released on March 2, was also not picked up by 30% of Parity nodes, it says, while 7 percent of Parity nodes still have a version vulnerable to a critical consensus vulnerability patched last July.
While the Parity client does have an automated update process, it "suffers from high complexity" and not all updates are included, the report says.
Chart: Percentage of unpatched ethereum nodes decreases slowly over time.
"According to their announced headers, around 44% of the Geth nodes visible at ethernodes.org were below version v.1.8.20, a security-critical update, released two months before our measurement," say the SR Labs team, noting that Geth does not have an auto-update feature, apparently by design.
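For operators who want to run the same kind of check against their own fleet, here is an added example (not code from the SRLabs report or from Geth) that classifies announced client identifiers against the v1.8.20 threshold the report cites. The sample identifiers are constructed, and the `Name/vX.Y.Z-tag/os-arch/runtime` layout is the assumed input format.

```python
import re
from collections import Counter

# Minimum Geth release the report treats as security-critical (from the article).
MIN_GETH = (1, 8, 20)

# Constructed sample of announced client identifiers (not real measurement data).
SAMPLE_IDS = [
    "Geth/v1.8.19-stable/linux-amd64/go1.11.2",
    "Geth/v1.8.20-stable/linux-amd64/go1.11.2",
    "Geth/v1.8.9-stable/linux-amd64/go1.10.2",   # string compare would rank this above 1.8.20
    "Geth/node-a/v1.8.27-stable/linux-amd64/go1.11.9",  # custom identity segment
    "Geth/v1.9.0-unstable/darwin-amd64/go1.12",
    "Parity-Ethereum/v2.2.9-stable/x86_64-linux-gnu/rustc1.31.1",
    "Geth/garbled",
]

VERSION_RE = re.compile(r"^v(\d+)\.(\d+)\.(\d+)")

def parse_geth_version(client_id):
    """Return (major, minor, patch) for a Geth identifier, or None."""
    parts = client_id.split("/")
    if parts[0].lower() != "geth":
        return None
    # The version is not always the second field: an operator-chosen identity
    # can precede it, so take the first segment that looks like vX.Y.Z.
    for seg in parts[1:]:
        m = VERSION_RE.match(seg)
        if m:
            return tuple(int(g) for g in m.groups())
    return None

def classify(client_id):
    if not client_id.lower().startswith("geth/"):
        return "not-geth"  # the article gives no Parity version threshold
    version = parse_geth_version(client_id)
    if version is None:
        return "unknown"   # count separately instead of assuming patched
    # Tuple comparison is numeric per component, so 1.8.9 < 1.8.20.
    return "patched" if version >= MIN_GETH else "outdated"

def audit(client_ids):
    """Return per-class counts and the outdated share of parseable Geth nodes."""
    counts = Counter(classify(c) for c in client_ids)
    known = counts["patched"] + counts["outdated"]
    return counts, (counts["outdated"] / known if known else 0.0)

if __name__ == "__main__":
    counts, share = audit(SAMPLE_IDS)
    print(dict(counts), f"outdated share of Geth nodes: {share:.0%}")
```

Announced identifiers are self-reported, so this measures what nodes claim to run, which is the same limitation as the "announced headers" the report relies on.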
SR Labs goes on to say that by leaving large numbers of clients potentially open to attacks, the whole ethereum network, which relies on having nodes highly available, is vulnerable too.
"If a hacker can crash a large number of nodes, controlling 51% of the network becomes easier. Hence, software crashes are a serious security concern for blockchain nodes."
Unpatched Ethereum Clients Pose 51% Attack Risk, Says Report
published on May 17, 2019
by Coindesk | published on Coinage