On June 6, Parity Technologies, the firm that maintains the Ethereum Parity full node client, issued a mandatory update for individuals and businesses who use the Parity software. According to the latest security alert, the client versions 1.10.6-stable and 1.11.1-beta had a consensus issue with the public test network Ropsten that could possibly extend to the Ethereum mainnet and “could have led to chain split.”
Parity Issues a Mandatory Update Due to a Critical Vulnerability
The Parity client had some issues with bugs back in 2017 that saw the exploitation of thousands of ethereum. This week, Parity Technologies announced yet another vulnerability, one that mandates an immediate client upgrade for all Parity users running versions 1.11.1 and prior. Parity Technologies deemed the security alert “critical” and asked all Parity users to upgrade to 1.11.3-beta as soon as possible.
“A consensus issue on the public test network Ropsten has revealed a consensus vulnerability that can be triggered by a malformed transaction,” explains Parity on June 6. “Examining the issues with our nodes on Ropsten, we have found out that there is a potential consensus-related issue between Parity Ethereum (up to versions 1.10.4-stable and 1.11.1-beta) and all other Ethereum clients.”
Please update your Parity Ethereum clients to 1.11.3-beta or 1.10.6-stable asap.
Parity’s Rampant Bugs Over the Past Year Causing a Mass Exodus to Just One Reference Client is Not Likely
Parity has suffered from quite a few exploits over the past fourteen months, including a hack that led to $30Mn in ETH (150,000 ethers) being stolen. Then, five months later, the full node Ethereum client experienced another vulnerability that saw a bunch of multi-sig contracts get locked up and frozen. The developers at the time stated, “This means that currently no funds can be moved out of the multi-sig wallets. $152 million in ether is believed to have been frozen following today’s news.”
Following this, Parity called for an Ethereum hard fork to reverse the million-dollar bugs. However, the proposal EIP 999 to unfreeze the 513,774.16 ETH held in 587 wallets was rejected. Out of 639 votes on EIP 999, roughly 330 votes said ‘Nay’ while the rest did not care or favored the proposal. The latest bug doesn’t bode well for confidence in the Parity software, but people are still pleased that Ethereum has multiple clients.
“Imagine if this consensus bug was on Geth?” asks Husam Abboud. “Imagine there is no Parity and 95% used Geth, how risky that same client version blockchain would be — Parity + Variety = Stability.”