EF Blog

ETH top background starting image
ETH bottom background ending image
Skip to content

Security Alert - DoS Vulnerability in the Soft Fork

Posted by Felix Lange on June 28, 2016

Security Alert - DoS Vulnerability in the Soft Fork

Affected configurations: geth 1.4.8

Likelihood: High

Severity: High

Details:

An attack vector has been identified in the freshly released implementation of the DAO soft fork. The fork enactment code in geth (and other clients) allows execution of EVM code up to the block gas limit without paying for gas. This can slow down mining and prevent inclusion of legitimate transactions.

The soft fork will not be enabled if the gas limit of block 1800000 is above 4000000 gas (i.e. if the community vote to activate the fork fails). The attack cannot be performed in this case.

Effects on expected chain reorganisation depth: None

Proposed temporary workarounds:

  • run geth 1.4.7
  • run geth 1.4.8 without the --dao-soft-fork command line option.

Follow-up action:

Available options are being considered. The community can avoid any negative consequences of the soft fork by voting against it until a better solution has been found. Note that, to the best of our knowledge, no funds can be retrieved from the affected DAOs until July 14th 2016. There is no immediate urgency to block transactions while further proposals are being worked out.

Subscribe to Protocol Announcements

Sign up to receive email notifications for protocol-related announcements, such as network upgrades, FAQs or security issues. You can opt-out of these at any time.


Categories