On Monday, Ethereum’s Byzantium hard fork went into effect, initiating the first phase of its upgrades. It may have been implemented, but developers aren’t ready to call it a success just yet.
Byzantium was one of the biggest changes to occur on the second-largest blockchain in the world. It was the first phase of Metropolis, a full system protocol upgrade that introduces nine ethereum improvement proposals (EIPs) to enhance the network’s security, privacy, and scalability. Planning for these upgrades began back in 2015. The second phase, Constantinople, doesn’t have an official release date but is tentatively scheduled for 2018. Ethereum’s hard fork turned out to be a lot more complex than originally anticipated. For the transition to be successful, all nodes (computers that run the software) were required to install software upgrades, which were released just days before the fork was to take place.
However, with developers still finding software bugs, the universal upgrades didn’t happen as originally planned.
At press time, Geth, the most popular Ethereum client, had only 58.4 percent of its nodes upgraded to the new software, and the second most popular client, Parity, had only 25.1 percent upgraded. With those figures, roughly only 45 percent of the network is currently running the upgraded software.
The bugs found in the old software could have split the network and caused incompatibility between nodes. A critical fault that could have exposed the network to denial-of-service attacks was also fixed in the new update.
Is Ethereum safe to use?
With less than half the network running the new software, some may be wondering whether it is safe. This remains an open question, as several clients still have the “consensus bug,” which can create multiple ethereum blockchains. CoinDesk spoke to ethereum’s core developer, Gavin Wood, who “urged caution” to those taking on large-scale projects until the upgrade is fully stable.
Proceeding with caution
Apart from the clients that have not upgraded their software, developers are carefully watching the current Byzantium software, as security bugs are still possible.
They are continuously monitoring for the “consensus bug” (as mentioned above), which causes nodes to lose interaction with one another and leads to blockchain splits. Ethereum developers are hoping to catch these risks before they occur and are constantly running tests to locate them.
According to Wood, if the network does have the consensus bug, it will take some time to show itself.
“I don’t think anyone believed the network was going to self-combust on block 4,370,000,” Wood said.
If developers do find an issue, it will come to light within the coming days.
With the developers already on top of the software and its potential faults, Wood is confident his developers will roll out debugged software extremely quickly, to steer clear of further damage to the platform.
The lead security developer, Martin Holst Swende, told CoinDesk that the old faulty software that is out there isn’t something to be concerned about. If the blockchain split occurs, he assured, “They’ll simply be dropped off the chain, [then] look into it and update their client.”
Of course, ethereum is no longer monitoring these nodes, so if a bug does show up, it won’t be visible on any of the blockchain explorers. Further, should the bug be exploited on the older software, we’re unlikely to hear about it beyond the “noise on Reddit,” according to Holst Swende.
Ethereum’s founder Vitalik Buterin posted on an online forum today and stated that one or two months of further testing are necessary in order to deem Byzantium fully secured.
The security tests before the hard fork were extensive, but that might still seem like a long time to most. On Reddit, ethereum developer Afri Schoedon stated that the Byzantium code had been available for several weeks before the hard fork and was consistently passing all security checks before the bugs were discovered.
A “fuzzer” is an automated testing process that draws out the most acute code weaknesses. Ethereum relies on multiple screening processes, but the fuzzer seems not to have had enough run time prior to the fork.
This has become a top-priority security check for ethereum. As core developer Peter Szilagyi states, “It takes polish and effort to really make it part of the workflows.” He continued, “Rest assured that the fuzzer will be a much more organic part of the next fork preparation.”
With the fuzzer running consistently, no bugs have been discovered since the hard fork, which has kept Byzantium safe so far. Despite the security chaos leading up to the hard fork, the ethereum team doesn’t feel it necessary to dial back their approach to upgrades in the future. There is obvious pushback from some developers wanting a more careful approach, but we’ll see what they decide for the future.