Vitalik Buterin Denies Rumors That New Constantinople Feature Introduces an Attack Vector
Vitalik Buterin, best known as one of the co-founders of Ethereum (ETH), has denied rumors that one of the new smart contract features set to be introduced as part of the upcoming Constantinople hard fork will carry an array of negative security implications for the coin's transactional skeleton.
The allegations arose after the latest Ethereum core developer meet-up, held on February 15th. The feature under discussion is ‘Create2’, which is set to be introduced through Ethereum Improvement Proposal 1014 (EIP-1014) and is chiefly intended to make it easier to interact with a contract that does not yet exist on the blockchain.
As such, addresses that do not yet exist on-chain, but which will eventually contain the underlying code, can be integrated into the chain's ecosystem.
In light of this, it is not surprising that several leading ETH developers have raised concerns that the forthcoming Create2 could open a potentially devastating attack vector against the operational network. What's more, given the implication that these smart contracts can inadvertently be deployed to change their initial address after being implemented, there are pertinent questions as to whether the feature means that any contract deployed post-Constantinople that includes a self-destruct function is now more suspect than previously anticipated.
Jeff Coleman, one of the leading developers, did not hesitate to underscore that ‘one of the biggest things that are counter-intuitive about the upcoming Create2 is that subsequent redeployment would easily change the contract's backbone byte code’. As such, it is vital that people be aware that these init codes are part and parcel of the auditing process.
Further, he stressed that parties looking to audit their own code, or to compare it with others' code, have to look out for potentially ‘strange phenomena’, especially those arising from the combination of Create1 and Create2. This is mainly because the latter has a very weak assumption around the address identity of whatever the original ounce is.