A bug has been found in the Parity Ethereum node/wallet software, according to a notice on the official website. The bug opens an attack vector to Parity nodes, which attackers could have used to force nodes offline – threatening a sizeable proportion of the Ethereum infrastructure.
Developers are, at time of writing, producing and testing a patch, which should be pushed out within hours. Concerned node operators are encouraged to keep an eye on Parity’s Twitter page for updates.
According to Etherscan.io, Parity clients serve more than a quarter of the nodes in Ethereum’s ecosystem, specifically nodes that use public JSONRPC Ethereum services. Those nodes operate some very prominent Ethereum apps, such as Infura, MyEtherWallet, and MyCrypto services.
(source: Etherscan.io)
Infura alone provides connectivity to the Ethereum network for a number of key products and projects, such as Metamask, CryptoKitties, the 0x Protocol, and many others. A 2018 ConsenSys article said that Infura handled 6 billion API requests per day, and had 15,000 developers registered.
The bug was reported by MyEtherWallet founder Kosala Hemachandra, according to the official post, and Hemachandra should benefit from Parity’s bug bounty program.
Ethereum Hickups
The big news lately on the Ethereum front was the delay of a very important update, the Constantinople update. The delay was due to a critical bug found in Ethereum Improvement Proposal 1283.
There was confusion following the delay, as many Ethereum nodes that already upgraded were forced to downgrade back to the stable build. What’s more, Parity developer Afri Schodeon noticed that Ethereum’s “difficulty bomb” had been activated – which might cause problems before a (hopefully) bug-free Constantinople is pushed out on February 27.
The market price of Ethereum has flirted with a return to double digits of late, having fallen about 30% since January 5th highs of almost $160.
(source: CryptoCompare)
