Skip to main content

Posts

Showing posts from October, 2016

Uncle Rate and Transaction Fee Analysis

One of the important indicators of how much load the Ethereum blockchain can safely handle is how the uncle rate responds to the gas usage of a transaction. In all blockchains of the Satoshian proof-of-work variety, any block that is published has the risk of becoming a “stale”, ie. not being part of the main chain, because another miner published a competing block before the recently published block reached them, leading to a situation where there is a “race” between two blocks and so one of the two will necessarily be left behind.One important fact is that the more transactions a block contains (or the more gas a block uses), the longer it will take to propagate through the network. In the Bitcoin network, one seminal study on this was Decker and Wattenhofer (2013), which found that the average propagation time of a block was about 2 seconds plus another 0.08 seconds per kilobyte in the block (ie. a 1 MB block would take ~82 seconds). A more recent Bitcoin Unlimited study showed tha…

Security Alert – Mist can be vulnerable when navigating to malicious DApps

Mist is leaks some low level APIs which Dapps could use to gain access to the computers file system and read/delete files. This would only affect you if you navigate to an untrusted Dapp, which knows about this vulnerabilities and specifically tries to attack users. Upgrading Mist is highly recommended to prevent any exposure to attacks.Affected configurations: All versions of Mist including and prior to 0.8.6 (This doesn’t concern the Ethereum Wallet, as it can’t load external DApps)
Likelihood: Medium
Severity: HighSummarySome Mist API methods were exposed, making it possible that malicious webpages get access to a privileged interface that could delete files on the local filesystem or launch registered protocol handlers and obtain sensitive information, such as the user directory or the users coinbase.
Vulnerable exposed mist APIs:
mist.shell
mist.dirname
mist.syncMinimongo
web3.eth.coinbase is now null, if the account is not allowed for the dappSolutionUpgrade to the latest version of t…

FAQ: Upcoming Ethereum Hard Fork

The Ethereum network will be undergoing a hard fork at block number 2463000, which will likely occur between 12:00 and 13:00 UTC on Tuesday, October 18, 2016. A countdown timer can be seen at http://ift.tt/2e9aNUS.As a user, what do I need to do?Download the latest version of your Ethereum client:Latest version of Ethereum Wallet/Mist (v0.8.6)Latest geth client (v1.4.18)Latest Parity client (v1.3.8)Latest ethereumJ client (v1.3.6)What happens if I do not participate in the hard fork?If you are using an Ethereum client that is not updated for the upcoming hard fork, your client will sync to the pre-fork blockchain once the fork occurs. You will be stuck on an incompatible chain following the old rules and you will be unable to send ether or operate on the post-fork Ethereum network.What is a hard fork in Ethereum-land?A hard fork is a change to the underlying Ethereum protocol, creating new rules to improve the system. All Ethereum clients need to upgrade; otherwise they will be stuck …