
Security Advisory [Implementation bugs in Go and Python clients can cause DoS – Fixed – Please update clients]


A state transition and consensus issue in the geth client causes a panic (crash) when processing a (valid) block with a specific combination of transactions. If the block is accepted and relayed by unaffected clients, this may cause overall network instability and thus a DoS. This may happen in a block that contains transactions which suicide to the block reward address.

Affected configurations: Issue reported for Geth. While investigating the issue, related issues were discovered and corrected in pyethereum, hence pyethapp is also affected. C++ clients are unaffected.

Likelihood: Low

Severity: High

Complexity: High

Impact: Network Instability and DoS

Details: A block containing a specific combination of transactions which include one or more SUICIDE calls, while valid, causes a panic (crash) in the go-ethereum client and a crash in pyethereum. Additional details may be posted when available.

Effects on expected chain reorganisation depth: None.

Remedial action taken by Ethereum: Provision of fixes as below.

Proposed temporary workaround: Switch to an unaffected client such as eth (C++).

Fix: Upgrade geth and pyethereum client software.

go-ethereum (geth):

Please note that the current stable version of geth is now 1.1.1; if you are running 1.0 and using a package manager such as apt-get or homebrew, the client will be upgraded.

If using the PPA: sudo apt-get update then sudo apt-get upgrade

If using brew: brew update then brew reinstall ethereum

If using a Windows binary: download the updated binary.

If you are building from source: git pull followed by make geth (please use the Master branch commit 8f09242d7f527972acb1a8b2a61c9f55000e955d)

The correct version for this update on Ubuntu AND OSX is Geth/v1.1.1-8f09242d
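
To confirm the upgrade across several nodes, the identifier each node reports can be compared with the build named above. The script below is an added example, not part of the original advisory or of the go-ethereum project; it assumes identifiers in the `Geth/v<version>-<commit>` form quoted here, optionally followed by a `/platform` suffix, and every sample identifier except the advisory's own is constructed.

```shell
#!/bin/sh
# Added example: classify a geth client identifier against the fixed build
# named in the advisory. Identifiers other than the advisory's are constructed.
FIXED_VERSION="1.1.1"     # release named in the advisory
FIXED_COMMIT="8f09242d"   # short commit named in the advisory

# Map "MAJOR.MINOR.PATCH" to one integer so versions compare numerically.
version_key() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# Prints: fixed | needs-upgrade | unverified | not-geth | unparseable
classify_geth() {
    case $1 in
        Geth/v*) rest=${1#Geth/v} ;;
        *) echo "not-geth"; return 0 ;;
    esac
    rest=${rest%%/*}          # assumption: drop any "/platform/..." suffix
    version=${rest%%-*}
    case $rest in
        *-*) commit=${rest#*-} ;;
        *)   commit="" ;;
    esac
    case $version in          # digits and dots only, no empty or 0-padded parts
        ""|*[!0-9.]*|.*|*.|*..*|0[0-9]*|*.0[0-9]*) echo "unparseable"; return 0 ;;
    esac
    have=$(version_key "$version")
    want=$(version_key "$FIXED_VERSION")
    if [ "$have" -lt "$want" ]; then
        echo "needs-upgrade"  # older than the fixed release
    elif [ "$have" -eq "$want" ] && [ "$commit" = "$FIXED_COMMIT" ]; then
        echo "fixed"          # exactly the build the advisory names
    else
        echo "unverified"     # other commit or later release: check manually
    fi
}

# Constructed sample inventory (only the first entry comes from the advisory).
for id in "Geth/v1.1.1-8f09242d" "Geth/v1.0.0-0000000a/linux/go1.4.2" \
          "Geth/v1.1.1-00000000" "pyethapp/v0.0.0"; do
    printf '%-40s %s\n' "$id" "$(classify_geth "$id")"
done
```

A result of `unverified` means the build is not the one this advisory names, so it should be checked by hand rather than assumed safe.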

pyethereum:

Users of pyethapp should reinstall

> pip install pyethapp --force-reinstall


