Over the past few weeks, the Ethereum network has been the target of a sustained attack. Attackers have been very crafty in finding vulnerabilities in client implementations as well as in the protocol specification.
While recent patches have led to overall increased resiliency in client deployments, the attacks have also shown that a lower-level change to the EVM pricing model is needed.
For many users, the most visible consequence is likely to be that they have difficulty including transactions in blocks, and full nodes face memory limitations in managing bloated state.
Here is our strategy for fixing these problems:
- As a temporary measure to minimize the effects of the latest attack, we recommend that all miners reduce their gaslimit to 500K gas.
- A hard fork based on EIP 150 version 1c will take effect in block 2457000 [see below]. This will change the prices of certain operations to better match the underlying computational complexity.
- A second hard fork will follow soon after, aimed at undoing the current “state bloat” introduced by the attacks. This second fork will serve to remove accounts that are empty: no code, no balance, no storage, and nonce == 0.
We have implemented the necessary changes in the clients and are currently expanding and adding tests in order to prevent the introduction of consensus-breaking vulnerabilities.
And as a reminder, the Ethereum Bug Bounty is open and includes new hardfork implementations.
EDIT: The fork block has been moved to 2463000 to allow for even more testing.