BitMEX Research may have found a bug in Parity full Ethereum node

13 Mar, 2019
by David Borman
Ethereum
BitMEX Research may have found a bug in Parity full Ethereum node

BitMEX Research recently launched the website nodestats.org to monitor the Ethereum network by collecting metrics every five seconds. In their brief time collecting data, the researchers feel they may have found a bug in the Parity full node, that in theory could be exploited to enable double spends.

The potential bug stems from the fact that while syncing, the Parity node sometimes believes that it is up to date with the latest block when in fact it is not. As the researchers explain:

"As the chart generated from the Parity full node logs below illustrates, the highest block seen on the network figure, in blue, appears potentially incorrect. The highest block number seen on the network figure, sometimes falls in value as time progresses and has remained consistently well behind the actual chain tip (shown in green). On occasion this potentially buggy figure fell towards the height of the verified chain (orange) and our website incorrectly reports the node as in sync. This may be of concern to some Ethereum users, since the Parity full node has many connections to the network, therefore this may be a bug."

The authors then go on to lay out that while unlikely, the bug could be exploited to allow for an attacker to perform a double spend:

"For example a user could accept an incoming payment or smart contract execution as verified, while their node claims to be at the network chain tip. However, the client may not really be at the chain tip and an attacker could exploit this to trick the recipient into delivering a good or service. The attacker would need to double spend at a height the vulnerable node wrongly thought was the chain tip, which could have a lower proof of work requirement than the main chain tip."

They admit it is a fairly unlikely attack to pull off, however users should be aware of the issue.

To be clear, the possible bug is only with the Parity Full Node client, and other node clients are not believed to be effected.

Will this bug get fixed? Stick with Chepicap for any and all updates!

WATCH: $19 BILLION! The REAL reason Facebook is creating a cryptocurrency!

Follow Chepicap now on Twitter, YouTubeTelegram and Facebook!

Chepicap is here for you 24/7 to keep you informed on everything crypto. Like what we do? Tip us some Satoshi with the exciting new Lightning Network Tippin.me tool!

 

Read more: How to tip and receive Bitcoin via the Lightning Network with Tippin.me

Read more about:BitmexEthereum (ETH)

Poll

Do you use a Parity Full node?

(2 votes)

Add a comment

Check out the latest news

You will be logged out and redirected to the homepage