Bug impacting over 50% of Ethereum clients leads to fork

A bug in older versions of the Ethereum network client Geth has caused nodes running those versions to split from the main network.

The bug impacts older versions of the Geth client, specifically v1.10.7 and earlier. Geth clients make up nearly 75% of all Ethereum nodes, and 73% of Geth clients are still running the older versions.

This means that around 54% of Ethereum nodes are running with a major infrastructure bug.

The concern is that this could lead to double spending attacks, where cryptocurrency is spent but then the transaction is overwritten by the alternative chain.

The Block Research has identified this address as the one that exploited the bug, and it was funded by a Tornado Cash client. The bug also impacts other EVM-compatible chains like Binance Smart Chain and Polygon.

Finding the bug in an audit

This bug was found in an audit of Telos EVM, the version of the Ethereum Virtual Machine running on the Telos blockchain, according to a press release. Guido Vranken, auditor at Sentnl, which carried out the audit, found the bug, calling it a “high severity issue.”

After Ethereum core developers were informed about the issue, they released a patch on August 24 to fix it. But this only helps those who have upgraded their nodes.

When the fix was announced, a statement said, “The exact attack vector will be provided at a later date to give node operators and dependent downstream projects time to update their nodes and software. All Geth versions supporting the London hard fork are vulnerable (the bug is older than London), so all users should update.”

© 2021 The Block Crypto, Inc. All Rights Reserved.