Parity has unearthed a vulnerability which could spread to the Ethereum mainnet if users do not install a new patch.
Users of Ethereum software issued by Parity Technologies face enforced updates this week after warnings a testnet vulnerability could spread to the Ethereum network, according to Parity’s blog post June 6.
Parity is a UK-based provider of infrastructure software for interacting with the Ethereum network. A blog post from the company June 5 originally flagged the security problem, describing it as a “potential consensus issue with Parity Ethereum.”
Alert: Please update your Parity Ethereum clients to 1.11.3-beta or 1.10.6-stable asap. https://t.co/QNxzv74kSF
— Parity Technologies (@ParityTech) June 6, 2018
Users affected would see their transactions fall out of step with the rest of the Ethereum network, leading to them being rejected.
Now, any entity running Parity’s software must upgrade to a newly-patched version to mitigate risk of infecting Ethereum’s mainnet, including other Parity users such as Ethereum Classic (ETC).
“Please update your nodes as soon as possible and then double check that you are running version 1.10.6-stable or 1.11.3-beta,” the post requests.
The fault continues Parity’s chequered history since its inception, with security issues last year earning the company an infamous reputation for funds security.
The headache over how to return the frozen funds to users continues.
Meanwhile, social media commentators questioned whether installing a patch would protect Ethereum from the vulnerability. Tendermint developer Adrian Brink even going as far as to suggest it could “break” Ethereum Classic.
No exploits yet. Either everyone is very nice, no one knows yet or the Ethereum tooling is hard enough to use to prevent the exploit.
— Adrian Brink (@adrian_brink) June 6, 2018