Yikes. And this is why we don't use "clever" solutions.
For some context, gas (or operations expense) usage was never designed for re-entrency protection. After the DAO attack, in order to prevent re-entrency attacks the Solidity interpreter limited the gas of external calls.
It's clever way to solve the problem. However now when we're trying to change around the gas for certain operations, it's jeopardizing previous contracts that relied on this "clever" solution.
To be honest, this is really bad, cause I'm not sure how Ethereum can ever safely adjust gas.
Edit:
I'm not sure how Ethereum can ever safely adjust gas... until they go back and "monkey patch" all the smart contracts that used the external gas call limit. Since we only can see the compiled code, there's no real way to know if a deployer explicitly wanted that external gas call limit, or was just using it for re-entrency protection.
"With a sufficient number of users of an API, it does not matter what you promise in the contract: all observable behaviors of your system will be depended on by somebody."
Gas costs have observable side effects, therefore someone will depend on them.
IMHO the VM here isn't really the problem. Its the compiler. The way I look at it this is really a compiler bug, that only gets "activated" with this upgrade.
The whole design is bad. Calls out to untrusted code should never have been allowed. You should be able to send messages out to untrusted code and to send ether. Perhaps the recipient of a message could be allowed to raise an exception, thus causing the transaction to abort, but otherwise the untrusted code should never have been allowed to reenter anything.
A similar method is to put the external call at the very end of your function, after any state updates, and make sure that function isn't called from another function. These are well-known techniques in the community and commonly used, which is probably one reason the researchers didn't find any vulnerabilities in deployed contracts.
The gas limit on send was more of a belt-and-suspenders thing, not intended as the sole protection; that may have been a bad idea in retrospect, but at the time people were pretty focused on adding every protection possible against another DAO situation.
That's not how things work here. The software is already installed with instructions to behave differently at some point tomorrow. They are asking that users delay the switch to the new behavior.
,,key stakeholders around the Ethereum community have determined that the best course of action will be to delay the planned Constantinople fork that would have occurred at block 7,080,000 on January 16, 2019''
Who are those key stakeholders? And what happens if they don't agree?
It was actually a theoritical question...we all know that Ethereum governance at the end is 1 person (I don't want to say his name here, as the blog post didn't mention it).
If you look at Bitcoin governance, there's no way a developer (or developer group) would be able to force any hard fork, which means that you can always use the old codebase to verify blocks and send money, and people will accept it. Backwards compatibility will stay with us for a long time.
Was this vulnerability disclosed beforehand to any of the eth foundation or other parties or did they learn about this after it went public? There doesn't seem to be any mention about this being responsibly disclosed.
I work on ganache, one of the tools used to uncover this attack, and we only heard about it this afternoon via a Reddit post linking to a medium article.
I wish they could have continued without it. Issuance reduction was really important, we've had too much selling pressure for too long. It might have eased it.
For some context, gas (or operations expense) usage was never designed for re-entrency protection. After the DAO attack, in order to prevent re-entrency attacks the Solidity interpreter limited the gas of external calls.
It's clever way to solve the problem. However now when we're trying to change around the gas for certain operations, it's jeopardizing previous contracts that relied on this "clever" solution.
To be honest, this is really bad, cause I'm not sure how Ethereum can ever safely adjust gas.
Edit:
I'm not sure how Ethereum can ever safely adjust gas... until they go back and "monkey patch" all the smart contracts that used the external gas call limit. Since we only can see the compiled code, there's no real way to know if a deployer explicitly wanted that external gas call limit, or was just using it for re-entrency protection.
"With a sufficient number of users of an API, it does not matter what you promise in the contract: all observable behaviors of your system will be depended on by somebody."
Gas costs have observable side effects, therefore someone will depend on them.
----------
bool isEntered = false;
function doSomething() { if (isEntered) { throw; } isEntered = true; ...; isEntered = false; }
----------
I don't really understand why they went with this gas-limit solution. I feel like there must be something I'm missing cause its too obvious.
The gas limit on send was more of a belt-and-suspenders thing, not intended as the sole protection; that may have been a bad idea in retrospect, but at the time people were pretty focused on adding every protection possible against another DAO situation.
https://medium.com/chainsecurity/constantinople-enables-new-...
What could possibly go wrong?
p.s. As far as I can tell from skimming the background, no vulnerable contracts have actually been found.
Who are those key stakeholders? And what happens if they don't agree?
If you look at Bitcoin governance, there's no way a developer (or developer group) would be able to force any hard fork, which means that you can always use the old codebase to verify blocks and send money, and people will accept it. Backwards compatibility will stay with us for a long time.