
Ethereum (ETH) Founder Vitalik Buterin Denies Attack Vector

Ethereum (ETH)–Co-founder of Ethereum and cryptocurrency figurehead Vitalik Buterin has denied rumors that a proposed feature in the upcoming Constantinople hard fork will allow for an attack vector on the ETH currency.

Buterin, speaking in an Ethereum core developer call held on Feb. 15, dismissed allegations and industry chatter that a smart contract creation feature, originally proposed by Buterin himself, would put the security of Ethereum’s blockchain at risk. Other core developers also voiced their support for Buterin and rejected the claim that the feature would outright hamper ETH functionality.

Create2, the improvement proposal at the heart of the commotion, is supposed to allow for user interactions with contracts that don’t currently exist on the blockchain, but may be pertinent to future development. The proposal, specified in EIP-1014, states that Create2 will allow for “addresses that do not exist yet on-chain but can be relied on to possibly eventually contain code.”

Buterin had the support of other developers during yesterday’s conference call, but the original concerns over Create2 were voiced by ETH developers who claimed that the proposal could open a serious attack vector on Ethereum’s blockchain. As laid out in these concerns, manipulating yet-to-be-created smart contracts could allow users to code changes of address following their deployment, leading some to question the implication of Trojan horse deals being formed on Ethereum’s network.

Developer Jeff Coleman, in particular, voiced concerns over the ability for address commitments to be manipulated under the new proposal:

“One of the things that is counter-intuitive about Create2 is that theoretically redeployments can change the contract byte code, because the address is only a commitment to the init code. People need to be aware that init codes are part of auditing, […] that non-deterministic init codes are a problem.”

Coleman went on to give his reasoning for how the issue could be rectified to prevent change of addresses or self-destruct following the initial establishment of the contract’s code:

“When we look forward to where we want to end up […] it would be to have all addresses […] contracted via the init code. We need content-based addressing of contracts, and not just order-based addressing, which is what Create1 is. So if we get to the place where Create2 is standard, get rid of self destruct entirely […] we could throw out this idea of a contract nonce.”

Buterin, for what it’s worth, stood by his original position on Create2 as forward thinking, even if it creates a few bumps in the road to be smoothed out in the interim. Speaking on the growth of Ethereum smart contracts in the long term, Buterin told those on the call:

“The one thing we need to keep in mind is more for the future, when thinking about rents and deletion; that’s a way that can lead to contracts being in a state to being not in a state without a self-destruct operation […]. It’s not something we need to figure out in the next few weeks, but it’s still useful to keep in mind when getting the ETH 2.0 sharding to a VM spec very soon.”

With the Constantinople hard fork looking to shake up Ethereum and the broader landscape of cryptocurrency, the second largest coin by market capitalization could further its market dominance as the smart contract platform of choice. Bitcoin has managed to secure a dominant lead at the head of the industry, but Ethereum, with the support of ERC-20 backed ICOs and smart contract oriented developers, has managed to carve out a sizable market share.
