An old bug caused a massive outage
On November 11, a huge portion of Ethereum-based services went down due to an outage at infrastructure provider Infura, which the majority of DeFi users rely on to connect to the Ethereum network. The outage was caused by a chain split that stemmed from a consensus bug in an older version of Geth, an open source client for interacting with the Ethereum network.
Developers explained that the fix for the consensus bug was silently included in the new Geth version released in July 2020, but some major nodes continued to run an old version many months after that. According to a post-mortem released by Geth, developers chose to fix the bug silently because, had they publicly warned the community about the vulnerability, a malicious actor could have triggered the bug before the majority of node operators switched to the newest version of Geth.
It’s important to mention, though, that since the importance of the upgrade was not properly disclosed, many server providers didn’t know that updating to the newer version would be worth the downtime for their services.
Since Geth is the largest Ethereum client, the community strongly criticized the team for how it handled the situation. Some suggested that Geth developers could have quietly reached out to major node providers to inform them about the importance of updating the software in a timely manner. Others proposed establishing a disclosure process for security vulnerabilities in the Ethereum community.
A new mining pool enforces censorship
Blockchain analytics company BlockSeer launched a beta version of a Bitcoin mining pool that will censor all transactions originating from blacklisted wallets and require all its miners to pass Know-Your-Customer checks. While this doesn’t pose any immediate danger to Bitcoin’s censorship-resistant nature, the precedent can lead to more regulatory pressure on other mining pools across the world.
There is a misconception that even if the majority of pools participate in censorship, there will always be smaller pools that include censored transactions in their blocks for higher fees. In reality, the majority of pools could potentially be forced by regulators to orphan any block containing transactions from blacklisted addresses. That would require worldwide collusion, however, so developers still have years to mitigate this vulnerability.
In other news
Payment giant PayPal announced that it has finally dropped the waiting list for its crypto service, allowing all eligible US customers to buy, hold, and sell cryptocurrencies within the platform. Unfortunately, users are currently unable to withdraw their cryptos to external wallets, and it’s unclear whether this feature will be available in 2021 or not. Meanwhile, the company is planning to expand its crypto services to international customers of its subsidiary Venmo.
Bitcoin Cash underwent another hard fork, caused by a disagreement over the so-called “miner tax” proposed by a group of developers led by Amaury Sechet to fund further development of Bitcoin ABC, an open source full node implementation of the Bitcoin Cash protocol. As a result of the hard fork, the chain without this “miner tax” received the most hashrate and took the BCH ticker on cryptocurrency platforms.
Decentralized finance yield aggregating protocol Value DeFi has been exploited using flash loans, resulting in a net loss of $6 million of user deposits. The team behind the project plans to compensate victims of the hack using money from the dev fund, insurance fund, and a portion of fees generated by the protocol.
Another DeFi project, Origin Dollar (OUSD), has been attacked by a hacker, who utilized flash loans and tricked the protocol by triggering a “rebase” to artificially inflate the OUSD supply. As a result, the attacker managed to get away with roughly $7 million, including $1 million of funds deposited by Origin founders and developers.
The Ethereum Improvement Proposal (EIP) 1559 has been fully funded amid the recent spike in network fees. The proposal is designed to tackle the volatility in transaction fees by replacing the auction-based fee market with fixed fees, and to decrease ether’s inflation.