Ethereum Blog

Ethereum Blog

Promoting a free, decentralized and open future


Navigation
CategorySecurity

Security

Featured

Security alert [12/19/2016]: Ethereum.org Forums Database Compromised

Posted byuserHudson Jameson on December 19th, 2016.

On December 16, we were made aware that someone had recently gained unauthorized access to a database from forum.ethereum.org. We immediately launched a thorough investigation to determine the origin, nature, and scope of this incident. Here is what we know: The information that was recently accessed is a database backup from April 2016 and contained […]

release

Featured

Security alert [11/24/2016]: Consensus bug in geth v1.4.19 and v1.5.2

Posted byuserVitalik Buterin on November 25th, 2016.

Security Alert Affected configurations: Geth Severity: High Summary:  An issue has been identified with Geth’s journaling mechanism. This caused a network fork at block #2686351 (Nov-24-2016 14:12:07 UTC). The new Geth release 1.5.3 fixes the journaling issue and repairs the fork. Details: Geth was failing to revert empty account deletions when the transaction causing the […]

announcement

Featured

Hard Fork No. 4: Spurious Dragon

Posted byuserHudson Jameson on November 18th, 2016.

The Ethereum network will be undergoing a hard fork at block number 2,675,000, which will likely occur between 15:00 and 16:00 UTC on Tuesday, November 22, 2016. A countdown timer can be seen at https://fork.codetract.io/. The Morden test network will be undergoing a hard fork at block number 1,885,000. As a user, what do I […]

Security

Featured

Uncle Rate and Transaction Fee Analysis

Posted byuserVitalik Buterin on October 31st, 2016.

One of the important indicators of how much load the Ethereum blockchain can safely handle is how the uncle rate responds to the gas usage of a transaction. In all blockchains of the Satoshian proof-of-work variety, any block that is published has the risk of howbecoming a “stale”, ie. not being part of the main […]

release

Featured

Security Alert – Mist can be vulnerable when navigating to malicious DApps

Posted byuserFabian Vogelsteller on October 27th, 2016.

Mist leaks some low level APIs, which Dapps could use to gain access to the computer’s file system and read/delete files. This would only affect you if you navigate to an untrusted Dapp that knows about these vulnerabilities and specifically tries to attack users. Upgrading Mist is highly recommended to prevent exposure to attacks. Affected configurations: All […]

announcement

Featured

FAQ: Upcoming Ethereum Hard Fork

Posted byuserHudson Jameson on October 18th, 2016.

The Ethereum network will be undergoing a hard fork at block number 2463000, which will likely occur between 12:00 and 13:00 UTC on Tuesday, October 18, 2016. A countdown timer can be seen at https://fork.codetract.io/. As a user, what do I need to do? Download the latest version of your Ethereum client: Latest version of […]

announcement

Featured

Announcement of imminent hard fork for EIP150 gas cost changes

Posted byuserMartin Swende on October 13th, 2016.

During the last couple of weeks, the Ethereum network has been the target of a sustained attack. The attacker(s) have been very crafty in locating vulnerabilities in the client implementations as well as the protocol specification. While the recent patches have led to an overall increased resiliency in the client implementations, the attacks have also […]

Security

Featured

Security alert – All geth nodes crash due to an out of memory bug

Posted byuserJeffrey Wilcke on September 18th, 2016.

Security Alert Affected configurations: Geth Likelihood: High Severity: High Summary: geth nodes running out of memory and crashing on block https://etherchain.org/block/2283416 Details: TBD Solution: Geth 1.4.12 was released. Please update ASAP.

Security

Featured

Security Alert – DoS Vulnerability in the Soft Fork

Posted byuserFelix Lange on June 28th, 2016.

Affected configurations: geth 1.4.8 Likelihood: High Severity: High Details: An attack vector has been identified in the freshly released implementation of the DAO soft fork. The fork enactment code in geth (and other clients) allows execution of EVM code up to the block gas limit without paying for gas. This can slow down mining and prevent inclusion of […]

Security

Featured

Security Alert – Smart Contract Wallets created in frontier are vulnerable to phishing attacks

Posted byuserFabian Vogelsteller on June 24th, 2016.

Affected configurations: All smart contract wallets created using Ethereum Wallet  Frontier, version 0.4.0 (Beta 7) or earlier. Wallets created with Ethereum Wallet 0.5.0 and all later versions released after March 3, 2016, are not affected. Likelihood: Low Severity: High Summary: Do not use wallet contracts or owner accounts of those wallets that were created by […]