research & development

Taylor’s Summer Update

Hey everyone, I spent some time with our Canadian friends in Toronto after presenting “Ethereum: The World Computer” at Blockchain Training Conference last month and I wanted to provide a quick update on some of the exciting happenings in the Ethereum dev ecosystem. Lots of things are brewing behinds the scenes, so let’s jump in!
research & development

C++ DEV Update – July edition

Since the last C++ DEV Update, a lot of things happened in the engine room which were not really visible to the outside. This post wants to give an overview about what we are currently working on. Apart from the features side, Bob has been working on a proposed process for re-licensing of the C++ runtime client code to Apache 2.0, as has been mentioned a few times in the past month or two. Expect more news on that very...
devcon

The Devcon2 site is now live!

The Devcon2 web site is officially live now! You can find it at https://ethereumfoundation.org/devcon/ Thanks for everyone’s interest, proposals, support and enthusiasm. We have an amazing community and are excited to present the first Ethereum Foundation event in Asia. This year, Devcon2 (September 19, 20, 21) will be a featured conference at the International Blockchain Week in Shanghai by Wanxiang Blockchain Labs, the host organization in China. While Ethereum Foundation’s “devcon” is designed to be a conference by developers for developers, any and...
security

Security Alert – DoS Vulnerability in the Soft Fork

Affected configurations: geth 1.4.8 Likelihood: High Severity: High Details: An attack vector has been identified in the freshly released implementation of the DAO soft fork. The fork enactment code in geth (and other clients) allows execution of EVM code up to the block gas limit without paying for gas. This can slow down mining and prevent inclusion of legitimate transactions. The soft fork will not be enabled if the gas limit of block 1800000 is above 4000000 gas (i.e. if the community vote to...
research & development

DAO Wars: Your voice on the soft-fork dilemma

The last week was quite hectic for all of us in the Ethereum ecosystem. The DAO has shown us that it takes much more effort to write smart contracts than we originally anticipated; but also that it takes a surprising amount of debate to reach a consensus on issues of this scale. Everybody in our community was very vocal and forthcoming about how the problem should be fixed in his/her opinion, or whether there’s even a problem to fix in the first place....
security

Security Alert – Smart Contract Wallets created in frontier are vulnerable to phishing attacks

Affected configurations: All smart contract wallets created using Ethereum Wallet  Frontier, version 0.4.0 (Beta 7) or earlier. Wallets created with Ethereum Wallet 0.5.0 and all later versions released after March 3, 2016, are not affected. Likelihood: Low Severity: High Summary: Do not use wallet contracts or owner accounts of those wallets that were created by the Ethereum Wallet 0.4.0 or earlier. If you send to (or interact with) a malicious contract it could take ownership of your wallet contract. Create...
security

Thinking About Smart Contract Security

Over the last day with the community’s help we have crowdsourced a list of all of the major bugs with smart contracts on Ethereum so far, including both the DAO as well as various smaller 100-10000 ETH thefts and losses in games and token contracts. This list (original source here) is as follows: The DAO (obviously) The "payout index without the underscore" ponzi ("FirePonzi") The casino with a public RNG seed Governmental (1100 ETH stuck because payout exceeds gas limit) 5800 ETH swiped...
research & development

CRITICAL UPDATE Re: DAO Vulnerability

An attack has been found and exploited in the DAO, and the attacker is currently in the process of draining the ether contained in the DAO into a child DAO. The attack is a recursive calling vulnerability, where an attacker called the “split” function, and then calls the split function recursively inside of the split, thereby collecting ether many times over in a single transaction. The leaked ether is in a child DAO at https://etherchain.org/account/0x304a554a310c7e546dfe434669c62820b7d83490; even if no action is...
devcon

The Ethereum Foundation welcomes Microsoft as the Premiere Sponsor of Devcon2, Shanghai 19-21 September, 2016

London, United Kingdom, June 14, 2016 – The Ethereum Foundation is pleased to announce Microsoft as the Premiere Sponsor of Devcon2, the Ethereum developer conference in Shanghai, 19-21 September, 2016. Devcon2, which will showcase the most up-to-date research and development work supported by the Foundation, also represents the most comprehensive Ethereum-focused developer’s conference to date. The Ethereum Foundation’s Chief Scientist, Vitalik Buterin, notes that “We are very happy to have Microsoft’s sponsorship for Devcon2 and highly appreciate their continued support...