Security Research Labs Report Shows Large Number of Parity and Geth Nodes on ETH are Poorly Updated


Security is one of the most paramount features of blockchain technology. All the many prospects and uses coupled with the fact that this technology isn’t very pliable are driving factors for its increased use.

However, as with anything else, hackers will almost always find a way to circumvent measures or breach certain loopholes in security. To solve this, security checks are constantly being done with threats being forecasted and solutions released to prevent breaches.

Parity

Despite the known possibility of a threat, a recent report by the Security Research Labs (SRLabs) has shown that as much as a third of Ethereum nodes running on Parity have still not been patched even with the release of a security update.

Specifically, SRLabs has noted that the problem was a dire denial of service (DoS) error that affected the Ethereum Parity client causing a serious flaw. This flaw is grave enough to be manipulated by hackers such that if they are able to remotely control 51%, they could easily overpower the network and cause many fatal errors.

Sometime in February, Parity released an official update and asked that everyone running their software, download and install the new update very quickly. However, this report has it that “only two thirds of nodes have been patched so far.”

The report also shows more surprising negligence saying that at least 30% of nodes on Parity still haven’t used another patch which was released on the 2nd of March. Furthermore, at least 7% of Parity nodes currently run on a version of the software, terribly defenceless against a flaw which was noticed and patched since July, 2018.

BitMEX, sometime in march, also found that its Ethereum Parity full node had a bug, although they were noted that the chance of a serious breach through the bug, was considerably low.

Go-Ethereum (Geth)

The report also shows negligence with Geth. It says that:

“According to their announced headers, around 44% of the Geth nodes visible at ethernodes.org were below version v.1.8.20, a security-critical update, released two-month before our measurement.”

The report notes that these numbers are too large and could potentially be exploited, eventually breaching the entire network because “breaking the backbone of the Ethereum network requires crashing only a handful of nodes.”

Suggestion

According to the report, there is a certain unreliability to the update procedure on Parity. Even though it runs automatically, it is a highly complex process that’s almost entirely dependent on smart contracts on the blockchain.

Here, the data in the contracts must always be updated and all the data the contracts point to must be available at all times from all nodes. The specifics of configuration involved make this process very susceptible to errors and may ultimately be the reason why a large number of nodes aren’t being updated.

Geth on the other hand, does not use an automatic system and this might also be direct reason for such low numbers for properly updated nodes.

SRLabs notes that the best way to fix this problem is to optimise the update processes. This should identify the drawbacks and challenges faced by the nodes that may affect the timely and proper installation of updates.

Get Daily Headlines

Enter Best Email to Get Trending Crypto News & Bitcoin Market Updates

What to Know More?

Join Our Telegram Group to Receive Live Updates on The Latest Blockchain & Crypto News From Your Favorite Projects

Join Our Telegram

Stay Up to Date!

Join us on Twitter to Get The Latest Trading Signals, Blockchain News, and Daily Communication with Crypto Users!

Join Our Twitter

Add comment

E-mail is already registered on the site. Please use the Login form or enter another.

You entered an incorrect username or password

Sorry, you must be logged in to post a comment.
Bitcoin Exchange Guide