After suffering an attack that froze the funds of over 500 wallets totaling $280 million in Ether, Parity has found yet another bug, this time in the way it handles consensus in mining.
The developers put out a report on Tuesday with details on the vulnerability, labeling it as “critical.”
“In the worst case, submitting a certain malformed transaction (coming from a 0xfff...fff address) to a mining Parity Ethereum node could have caused that node to produce a malformed block, which would still be treated as valid by other affected Parity Ethereum nodes,” Parity said.
All in all, this wouldn’t necessarily hurt the Ethereum network, but would likely cause confusion among nodes, eventually discarding the transaction as invalid. However, if these mining nodes controlled more than half the hashrate of the network, they would have validated the transaction.
Users of Parity are urged to download either the 1.10.6-stable or 1.11.3-beta versions of the software as soon as possible. Any older software will be affected by this bug.
Now that people are aware that the vulnerability exists, it’s important to ensure that a good portion of the network runs the new software to avoid any large-scale issues with consensus.
Parity claims that “the response to this situation was proactive” since no hackers as of yet have tried to exploit this problem.
With regards to the frozen ETH that’s still floating around after the previous incident, the developer said that it would take a hard fork of the Ethereum network to free up those funds.
“All of these funds are provably non-recoverable without a change in the blockchain’s state, opcode upgrades, or consensus rules modification,” the team said in a blog.
This article appeared first on Cryptovest