New Year’s Eve attack nearly wreaks havoc.
Ethereum experienced an attack this week that threatened to cause significant downtime. Beginning on Dec. 30, an attacker sent invalid blocks to the network, causing node operators using the Parity client to lose sync with the network. Sergio Demian Lerner, a cryptocurrency security consultant, explained on Twitter:
The attack is simple: you send to a Parity node a block with invalid transactions, but valid header (borrowed from another block). The node will mark the block header as invalid and ban this block header forever but the header is still valid.
— Sergio Demian Lerner @SDLerner 30 Dec 2019
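A toy model of the behaviour the tweet describes, added here as an illustration; it is not code from the article or from Parity. The transaction-validity rule, the hash layout and all names are assumptions, and the commitment check is one possible hardening, not a description of Parity's actual fix.

```python
import hashlib

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def tx_root(txs) -> str:
    # Stand-in for the transactions root that a real header commits to.
    return digest(b"\x00".join(txs))

def make_header(parent: str, txs) -> dict:
    return {"parent": parent, "tx_root": tx_root(txs)}

def header_hash(header: dict) -> str:
    return digest(f"{header['parent']}:{header['tx_root']}".encode())

def txs_valid(txs) -> bool:
    # Constructed rule: a transaction is valid if it starts with b"tx:".
    return all(t.startswith(b"tx:") for t in txs)

class Node:
    def __init__(self, check_commitment: bool):
        self.check_commitment = check_commitment
        self.banned = set()  # header hashes rejected forever
        self.chain = []      # header hashes of imported blocks

    def import_block(self, header: dict, txs) -> str:
        hh = header_hash(header)
        if hh in self.banned:
            return "rejected: header banned"
        if self.check_commitment and tx_root(txs) != header["tx_root"]:
            # The body does not belong to this header: drop this delivery
            # only, so the header hash stays eligible for a correct body.
            return "dropped: body does not match header"
        if not txs_valid(txs):
            self.banned.add(hh)  # naive path: the ban keys on the header alone
            return "rejected: invalid transactions"
        self.chain.append(hh)
        return "imported"

def simulate(check_commitment: bool):
    node = Node(check_commitment)
    honest_txs = [b"tx:alice->bob:1", b"tx:bob->carol:2"]  # constructed sample
    header = make_header("genesis", honest_txs)
    first = node.import_block(header, [b"garbage"])  # mismatched body arrives first
    second = node.import_block(header, honest_txs)   # the real block arrives later
    return first, second
```

With `simulate(False)` the node bans the valid header and then refuses the honest block, which is the loss of sync described above; with `simulate(True)` the mismatched delivery is dropped and the honest block is imported.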
It seems that the motive behind the attack was a desire to cast a bad light on Ethereum (or Parity’s Ethereum client). Unlike a 51% attack, this exploit did not carry a profit. Some commenters, such as Liam Aharon, have speculated that the attacker may have profited by shorting ETH prior to the attack, but this has not been proven.
Ethereum Survives the Ordeal
Ethereum continued to process transactions during the attack because it relies on multiple clients. Parity has a roughly 22% usage share among node operators, while Geth has a 75% usage share. Geth and most other clients were not affected by the bug, though a very minor client called Nethermind was affected alongside Parity.
Parity may also be credited for fixing the problem quickly. The attack was first observed on Dec. 30, and Parity released a fix on Dec. 31. Though a day’s worth of downtime would have been inconvenient, it would not have been disastrous. IOTA recently suffered a 15-hour downtime, and various other blockchains have experienced downtime as well.
Is Parity’s Ethereum Client Dying?
The timing of this attack is relevant. Parity recently announced that it will no longer fund its Ethereum client, and the project will be funded through a DAO. There are concerns that this will not provide enough funding for the project to continue, and several node operators left Ethereum around the time of the Dec. 16 announcement.
If Parity’s Ethereum client is abandoned by developers, or if node operators migrate from Parity to Geth, Ethereum will become more centralized and vulnerable to attacks that target a single type of client. On the other hand, it is possible that node operators will turn to alternative, minor clients — but there is no sign of that happening yet.