Developers Debate Disclosure Protocols After ‘Accidental’ Ethereum Hard Fork


Ethereum developers are weighing changes to how critical bugs are publicly disclosed following the Nov. 11 “accidental hard fork.”

Geth had fixed the bug in early October following a disclosure, but it still existed in prior versions of Geth. The bug temporarily caused 80% of the network that runs on Geth to go down a different path than other clients.

Now, developers are reordering the disclosure process for security vulnerabilities in the aftermath of what some developers have called the biggest threat against Ethereum since 2016’s attack on The DAO. 

Yet blockchains, at their very core, are financial settlement mechanisms. The traditional methods of disclosing bugs in open-source software (OSS) can lead to undesirable outcomes for other players with money on the line.

In Friday’s All Core Developers’ call, Ethereum developer Micah Zoltu and Geth team leader Peter Szilágyi both disagreed with the issuance of a notification list for critical vulnerabilities. Zoltu claimed such a list would create an uneven playing field for projects, while Szilágyi said that every bug disclosure creates a weak point in Ethereum’s infrastructure. 

Given the option again, Szilágyi said he would go about the recent disclosure in the same manner – meaning, keeping the consensus bug under wraps (although he said at one point during the call they should have let users know a past version of Geth held a vulnerability). Geth has done so for other consensus vulnerabilities, he said.

“Disclosure is a complex topic and user safety is paramount,” Prestwich concluded.


