The supposed bug was found when BitMEX researched its new website designed to gather significant metrics on Ethereum nodes- Nodestats. The exchange also reveals in the blog post that Nodestats’ launch is today. The new website was made in collaboration with TokenAnalyst.
Nodestats shows important data for Ethereum Parity and Ethereum Geth clients, the two largest Ethereum node client implementations as reported by BitMEX, and compares memory, computational and space requirements.
The team began gathering data form the Ethereum Parity full node starting with March 1, stating that the node was still not fully synced with the Ethereum blockchain as of March 12. The node client was lagging 450,000 blocks, with the research team noting: “based on its current trajectory, it should catch up with the main chain tip in a few days.”
However, the slow sync is not a problem for the blockchain:
“While the slow initial sync is a potential problem, at least for this system setup, Ethereum has not yet reached a point where the node cannot catch up, as the sync is faster than the rate of blockchain growth.”
But the team went on to find a “potential bug” in the client, as the Parity node “sometimes reports that it is in sync, despite being several hundred thousand blocks behind the chain tip.”
The bug could be exploited by an attacker in some situations, but this is “highly unlikely” to happen, according to the researchers:
“One could argue the impact of this potential bug could be severe […] if exploited by an attacker in the right way. For example, a user could accept an incoming payment or smart contract execution as verified, while their node claims to be at the network chain tip. […] The attacker would need to double spend at a height the vulnerable node wrongly thought was the chain tip, which could have a lower proof of work requirement than the main chain tip. Although successful execution of this attack is highly unlikely and users are not likely to be using the highest seen block feature anyway.”
Nodestats is linked to five different Ethereum nodes and every five seconds it gathers data from them. The main goal of the project has been cited to be the providing of metrics related to the requirements of computational resources for Ethereum nodes.
Featured Image: theblockcrypto.com