Security Notification
Impacted configurations: Geth
Severity: High
Overview: An issue has been disclosed regarding Geth’s logging mechanism. This led to a network fork at block #2686351 (Nov-24-2016 14:12:07 UTC). The newly released Geth version 1.5.3 addresses the logging problem and rectifies the fork.
Specifications: Geth was not effectively reverting empty account deletions when the transaction that triggered the deletions ended with an out-of-gas exception. Furthermore, an additional flaw was discovered in Parity, where the Parity client erroneously failed to revert empty account deletions in a restricted set of situations involving out-of-gas calls to precompiled contracts; the revised behavior of Geth aligns with that of Parity, and empty accounts will no longer pose a concern in about a week once the state clearing procedure concludes.
The chain that originated from block #2686351 via the previous Geth client, which both Parity and the latest Geth version regard as invalid, appears to have been largely abandoned around block #2686516, indicating that approximately 165 blocks were mined on this now obsolete chain. Transactions circulate throughout the network, so most transactions are likely recorded on both the previous Geth chain and the current chain, even though mining rewards and transaction fees on the former Geth chain are forfeited. No transactions or blocks on the chain that both clients will now validate will be undone.
The latest Geth version will update the blockchain from the point of the fork, even if it has synced past that point.
Resolution: Geth 1.5.3 has been launched.
If you are utilizing Geth: Obtain the most recent client here: https://github.com/ethereum/go-ethereum/releases/tag/v1.5.3
If you are using Mist: Restart Mist and the auto-update feature will notify you to upgrade the Geth client that Mist employs to Geth 1.5.3.
If you decide not to update, please be informed that you will be on an unsupported chain that is invalid.
We continue to advise that exchanges and other high-value users operate multiple clients and automatically suspend activities or switch to safe mode if they become out of sync by more than approximately 10 blocks.
Ethereum websites and mobile applications that enable you to store ether and/or carry out transactions are operated by third-party web-based or mobile Ethereum providers (“Third Party Providers”). These Third Party Providers manage their own Ethereum client infrastructure to facilitate their services. Generally, you do not need to take any action if you utilize a Third Party Provider such as MetaMask, Jaxx, and MyEtherWallet. However, they may provide specific instructions for you. It is advisable to consult with your Ethereum Third Party Provider to determine what actions, if any, they recommend for their users.
—————————–
DISCLAIMER
This is a rapidly developing and complex technical environment. If you decide to engage, you should understand that there are numerous risks involved, including but not limited to unforeseen bugs and other technical challenges that could lead to the loss of ether and other repercussions. Additionally, if you do not upgrade to Geth 1.5.3, you will be part of an unsupported network. By opting to use the Ethereum platform, you acknowledge the risks associated with this evolving platform.
