Only weeks after the execution of a hard fork to mitigate various DoS (denial-of-service) attacks, the Ethereum network and its developers are struggling to deal with yet another major flaw. This time, major issues in regards to smart contracts have emerged, which have rendered the efforts of decentralized applications in the Ethereum network purposeless.
On November 1, the Ethereum development team and the founder of Solidity warned users and developers against a bug that allowed variables to be overwritten in storage.
Variables in a smart contract are agreements made between two or more parties. Thus, if an attacker can gain access to the storage and alters the variables, crucial agreements in decentralized applications can be affected and funds may be extracted, which may pressure developers to discard previous smart contract-based projects to recompile contracts.
Ethereum developers including Ansel Lindner stated that the development of an Ethereum application is failing to operate because of this bug.
"Imagine spending a year building an app for eth, just to find out the thing doesn't work," wrote Lindner.
He further noted that much like the memory bugs in Geth that continued to negatively affect the network for weeks, the recent smart contract bug will most likely lead to a series of other potentially fatal bugs.
"I could agree that it's a molehill on the side of a big mountain of other similar potentially fatal bugs," Lindner added.
Reitwiessner explains that luckily, Ethereum multi-signature wallet contracts are not affected. However, contracts containing two or more contracts will high likely be affected.
"The following contracts may be affected: Contracts containing two or more contiguous state variables where the sum of their sizes is less than 256 bits and the first state variable is not a signed integer and not of bytesNN type," Reitwiessner wrote.
Reitwiesnner recommended developers to deactivate and remove funds from already deployed smart contracts and compile new agreements using the Solidity release 0.4.4. Failure to do so may result in the loss of funds and may hugely impact decentralized applications that rely on these contracts.
To date, the Ethereum development team have discovered 10 vulnerable Ethereum smart contracts, 7 of which were exploitable.