The first Polkadot community conference is coming Dec 3rd!   👉  Register here for Polkadot Decoded

Parity Ethereum Client Issue Report

Image Kirill Pimenov
Head of security @ Parity Technologies
June 06, 2018 in Security, Parity Ethereum

Summary: A consensus issue on the public test network Ropsten has revealed a consensus vulnerability that can be triggered by a malformed transaction.

Severity: Critical

Product affected: Parity Ethereum client

Affected versions:

  • stable track up to 1.10.5-stable
  • beta track: up to 1.11.2-beta

Mitigation: Please upgrade to fixed versions 1.10.6-stable and 1.11.3-beta asap, and then double-check that you are running version 1.10.6-stable or 1.11.3-beta.

Examining the issues with our nodes on Ropsten, we have found out that there is a potential consensus-related issue between Parity Ethereum (up to versions 1.10.4-stable and 1.11.1-beta) and all other Ethereum clients.

In the worst case, submitting a certain malformed transaction (coming from a 0xfff...fff address) to a mining Parity Ethereum node could have caused that node to produce a malformed block, which would still be treated as valid by other affected Parity Ethereum nodes.

In case of such affected nodes providing a majority of hashpower on the net, this could have led to chain split. (If the majority of the hashpower wouldn’t be controlled by the affected nodes, the “correct” chain would still be longer at all times, and the bad block would just be discarded.)

As soon as we became aware of the issue, we prepared a fix and released a fixed binaries (versions 1.10.6-stable and 1.11.3-beta).

The response to this situation was proactive, meaning we were able to prepare a fix before anyone was actually able to exploit the bug.

Have questions about updating the client? Please reach out to us in our Parity support channel on Gitter. For general questions, please reach out to us on Riot.

Want to build the future of the web? We're hiring

More recent stories

November 18, 2020

Building a Hot Wallet With Substrate Primitives

Read More
November 11, 2020

Moonbeam: Ethereum Smart Contracts on Substrate

Read More
October 05, 2020

People of Parity: Bastian Köcher

Read More

Join the discussion: