Security Advisory [eth (cpp-ethereum) potentially vulnerable if running with UPnP enabled]

Affected configurations: Issue reported for eth (cpp-ethereum). Likelihood: Medium Severity: High Impact: Potentially achieve remote code execution on a machine running eth (cpp-ethereum) Details: A vulnerability found in the MiniUPnP library can potentially affect eth clients running with UPnP enabled. Effects on expected chain reorganisation depth: none Remedial action taken by Ethereum: We are verifying whether this can indeed... [Read More]

The Evolution of Ethereum

Many of you know that the Ethereum platform grew out of the realization that blockchains can go far beyond currency, together with a frustration with the limitations of previous projects. The core idea was simple: a blockchain with a built-in Turing-complete programming language, allowing users to build any kind of applications on top. Over time, the vision evolved and expanded. The blockchain remains a crucial centerpiece, but it is ultimately only part of a larger vision of “web 3.0” as... [Read More]

More uncle statistics

The following are some interesting results on the performance of different miners over the course of the first 280,000 blocks of the Ethereum blockchain. For this timespan I have collected the list of block and uncle coinbase addresses; raw data can be found here for blocks and here for uncles, and from this we can glean a lot of interesting information particularly about stale rates and how well-connected the different miners and pools are. First off, the scatter plot: What... [Read More]

DEVcon is back!

DevCon 1 will be happening in London on November 9-13, a little over one hundred days since the Ethereum network launched. Over the last months, we’ve seen the network grow from a few hundred nodes starting on that one exciting and special night to a very substantial, globally deployed stable platform with thousands of devs pushing towards the decentralization revolution which motivates and inspires us. DevCon will have three primary categories of topics: Basic research and core protocols: including proof... [Read More]

Ethereum Comms Announcement

The foundation is currently in the phase of restructuring its communications activities. Several members of our current communications team in London are soon leaving or reducing their involvement in the Foundation in order to pursue for-profit ventures on top of the Ethereum ecosystem; we wish them the best of luck. And so, we have both the necessity and a unique opportunity to “reboot” that side of the organization and take another look at how the Ethereum foundation interacts with the... [Read More]

Ethereum Wallet – Developer Preview

We are happy to announce our very first developer-preview of the Ethereum Wallet ÐApp. The point of this release is to gather feedback, squash bugs and, most importantly, get the code audited. Please note that this is a developer-preview and not the final release. We advise you to be extremely careful putting large amounts of Ether in the wallet contracts. Using the wallet on the mainnet should only be done with small amounts! As Steve Ballmer once said Developers!... [Read More]

On Slow and Fast Block Times

One of the largest sources of confusion in the question of blockchain security is the precise effect of the block time. If one blockchain has a block time of 10 minutes, and the other has an estimated block time of 17 seconds, then what exactly does that mean? What is the equivalent of six confirmations on the 10-minute blockchain on the 17-second blockchain? Is blockchain security simply a matter of time, is it a matter of blocks, or a combination... [Read More]

Security Alert – [Previous security patch can lead to invalid state root on Go clients with a specific transaction sequence – Fixed. Please update.]

Summary: Implementation bug in the go client may lead to invalid state Affected client versions: Latest (unpatched) versions of Go client; v1.1.2, v1.0.4 tags and develop, master branches before September 9. Likelihood: Low Severity: High Impact: High Details: Go ethereum client does not correctly restore state of execution environment when a transaction goes out-of-gas if - within the same block - a contract was suicided. This would result in an invalid copy operation of the state object; flagging the... [Read More]

A message from Stephan Tual

To the wonderful Ethereum Community, You often heard me say at conferences that Ethereum was not a company, a foundation, an implementation, or an individual. Ethereum is both an idea and an ideal, encompassing the first censorship-resistant network built specifically to enable those who need it the most to safely trade, privately self-organise and freely communicate, rather than relying on the crippled walled garden handed out by the powers that be. Due to divergence in personal values, Eth/Dev and I... [Read More]

Security Alert – [Implementation bug in Go clients causing increase in difficulty – Fixed – Miners check and update Go clients]

Implementation bug in the go client leads to steady increase of difficulty independent of hashing power. Affected configurations: All Go client versions v1.0.x, v1.1.x, release and develop branches. The bug was introduced in a recent update and release through commit https://github.com/ethereum/go-ethereum/commit/7324176f702a77fc331bf16a968d2eb4bccce021 which went into the affected client versions. All miners running earlier mentioned versions are affected and are advised to update as soon as possible. Likelihood: High Severity: Medium Impact: Increase in block time will lead to an exponential increase... [Read More]