{"id":42756,"date":"2021-05-19T11:48:24","date_gmt":"2021-05-19T08:48:24","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=42756"},"modified":"2025-08-31T00:38:24","modified_gmt":"2025-08-30T21:38:24","slug":"ethereum-operated-for-two-years-with-a-dos-exploit-that-could-take-the-network-offline","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/ethereum-operated-for-two-years-with-a-dos-exploit-that-could-take-the-network-offline\/","title":{"rendered":"Ethereum operated for two years with a DoS exploit that could take the network offline"},"content":{"rendered":"<p>Ethereum Foundation developers disclosed information about a vulnerability that could enable a DoS attack on the blockchain of the second-largest cryptocurrency by market capitalization.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">A disclosure about the <a href=\"https:\/\/twitter.com\/hashtag\/Ethereum?src=hash&#038;ref_src=twsrc%5Etfw\">#Ethereum<\/a> state problems, which we\u2019ve been working on fixing for the past two years: <a href=\"https:\/\/t.co\/GQBh0rFYKf\">https:\/\/t.co\/GQBh0rFYKf<\/a><\/p>\n<p>\u2014 M H (((Swende))) (@mhswende) <a href=\"https:\/\/twitter.com\/mhswende\/status\/1394649519393058822?ref_src=twsrc%5Etfw\">May 18, 2021<\/a><\/p><\/blockquote>\n<p>The vulnerability was discovered as early as March 2019, but it could be fixed only with the activation of the <a href=\"https:\/\/u1f987.com\/en\/news\/berlin-hard-fork-completed-on-ethereum-network-reports-fault\">Berlin hard fork<\/a> in April 2021.<\/p>\n<p>According to the developers, the vulnerability was &#8216;an open secret&#8217; \u2014 it had previously been publicly disclosed by mistake. 
After the April update, the threat level had fallen enough to discuss it in detail.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u00abIt is important that the community can understand the reasons for changes that adversely affect user experience, such as higher gas costs,\u00bb the statement says.<\/p>\n<\/blockquote>\n<p>The state of Ethereum is described using a <a href=\"https:\/\/eth.wiki\/en\/fundamentals\/patricia-tree\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Merkle Patricia Tree<\/a>. Each &#8216;leaf&#8217; of this tree is an account in the network, so as the blockchain grows the structure becomes denser.<\/p>\n<p>Between the root hash and user accounts there are several &#8216;intermediate&#8217; nodes. To access a particular address the system must perform 8-9 operations.<\/p>\n<p>Low transaction costs and network growth created a DoS-attack risk. To carry out the attack, one only needs to search for non-existent addresses.<\/p>\n<p>To address this problem, developers changed the gas-cost calculation algorithm and integrated a dynamic state snapshot mechanism into the Geth client. 
Such snapshots are a secondary data structure for storing network state in <a href=\"https:\/\/www.netinbag.com\/ru\/internet\/what-is-a-flat-file.html#:~:text=%D0%9F%D0%BB%D0%BE%D1%81%D0%BA%D0%B8%D0%B9%20%D1%84%D0%B0%D0%B9%D0%BB%20%D0%BF%D1%80%D0%B5%D0%B4%D1%81%D1%82%D0%B0%D0%B2%D0%BB%D1%8F%D0%B5%D1%82%20%D1%81%D0%BE%D0%B1%D0%BE%D0%B9%20%D0%BD%D0%B0%D0%B1%D0%BE%D1%80,%D0%BF%D0%BE%D0%BB%D0%B5%20%D0%BE%D1%82%D0%B4%D0%B5%D0%BB%D0%B5%D0%BD%D0%BE%20%D0%BE%D1%82%20%D1%81%D0%BB%D0%B5%D0%B4%D1%83%D1%8E%D1%89%D0%B5%D0%B3%D0%BE%20%D0%B7%D0%B0%D0%BF%D1%8F%D1%82%D0%BE%D0%B9\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">flat-file<\/a> format.<\/p>\n<p>With the Berlin activation, the attack\u2019s effectiveness fell by a factor of 50.<\/p>\n<p>In September 2020, Storj developer Braden Fuller described a serious vulnerability in Bitcoin Core software. The exploit made it possible to <a href=\"https:\/\/u1f987.com\/en\/news\/storj-developer-reveals-serious-bitcoin-core-bug-discovered-in-2018\">steal funds and delay payments<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ethereum Foundation developers disclosed information about a vulnerability that could enable a DoS attack on the blockchain of the second-largest cryptocurrency by market 
capitalization.<\/p>\n","protected":false},"author":1,"featured_media":42757,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1301,46],"class_list":["post-42756","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-blockchain-vulnerabilities","tag-ethereum"],"aioseo_notices":[],"amp_enabled":true,"views":"19","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/42756","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=42756"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/42756\/revisions"}],"predecessor-version":[{"id":42758,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/42756\/revisions\/42758"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/42757"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=42756"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=42756"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=42756"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}