Closed realcodywburns closed 7 years ago
arvicco
commented
7 years ago A simple course of actions recommended for ETC geth users:
realcodywburns
commented
7 years ago Parity has released their eip150 update today. They have left the classic chain with the option to impliment the changes at a block of out choosing. Gavin submitted a PR for block 2,500,000 so that it can be rapidly adopted as needed.
realcodywburns
commented
7 years ago ETH geth changes for review: https://github.com/ethereum/go-ethereum/commit/c72f5459ac110de47fa068bfa560164078508b1e @whatisgravity @splix @avtarsehra @ericsomdahl @elaineo @igetgames @mikeyb
marcusrbrown
commented
7 years ago It appears that two new attacks have surfaced on ETC (via replay most likely) and ETH that focuses on the EXP and BALANCE opcodes:
| Opcode | Contract | Description |
|---|---|---|
| EXP | ETH / ETC | Increased CPU load |
| BALANCE | ETH / ETC | Forces disk access for state not held in cache |
If you look a the VMTrace (GETH) on Etherscan for each, you can see that the damage is done before the contract runs OOG.
I know we are pressed for time before the gas reprice HF, however, I at least wanted to discuss to see if it's possible to reprice these opcodes and test them by the 25th. If not, then we need to come up with another strategy. Thoughts?
I am working to get cpp-ethereum ready for 2500000 (60% likely I can finish, but it will need review) and the tests merged to a point where we can use the central tests repository (as cpp-ethereum does with testeth, the test runner).
arvicco
commented
7 years ago Well, we delayed our HF timing in part to see what else attacker may come up with that we could counter-act, right?
marcusrbrown
commented
7 years ago Yeah, so first off I want to apologize to the community for being so agitated last week and pushing for a simul-fork, waiting a week looks to be the right choice and approach.
Ideally we would do a full EVM opcode survey, Nick Johnson has said they have, but if it's public I haven't tracked it down yet. I will do a quick scan on the Yellow Paper, but it's still all guesswork.
realcodywburns
commented
7 years ago realcodywburns
commented
7 years ago Closing issue, accepted as https://github.com/ethereumproject/ECIPs/blob/master/ECIPs/ECIP-1015.md
In reference to: ethereum/eip150
Concerning: Long-term gas cost changes for IO-heavy operations to mitigate transaction spam attacks
With the understanding that:
1) This is a fork intended for protocol improvement. 2) This is mutually beneficial to all etherem clients in order to mitigate current attacks. 3) Ethcore and Ethereum Foundation intend to implement the changes in unison on or around block 2,463,000 4) an unknown number of ETC nodes are using --oppose-dao clients and will be switched to the EIP gas price model at block 2,463,000
Issues to address:
1) The need to avoid silverware drawer of ethereums:
a. EF Official b. EF Official- no eip 150 fork c. EF TheDao Classic (accepted 1920k but ignored GasReprice, not upgraded nodes basically) d. ETC Early GasReprice, block 2,463,000 (uses upgraded EF version of geth with --oppose-dao flag) e. ETC Late GasReprice, block 2500000 (uses etc version 2.0.0 client) f. Ethereum Classic Classic (doomed) no forks ever from homestead
2) Urgency - this needs to be ready for testing as soon as humanly possible.
3) MAKE THE PLAN KNOWN. on all channels. smoke signals as need be.
Proposed actions: