The Constantinople hard fork in the Ethereum network was reportedly postponed due to a crucial security vulnerability that was detected by the team of a smart contract audit firm ChainSecurity.
ChainSecurity has prepared and unveiled the report about the problem in its blog on January 15.
According to available data, the Constantinople upgrade was expected to cut gas cost for transactions within the network, though a side-effect was discovered.
"This code is vulnerable in an unexpected way: It simulates a secure treasury sharing service. Two parties can jointly receive funds, decide on how to split them, and receive a payout if they agree," the blog post reads.
In other words, it makes possible reentrancy attacks, which means that an attacker can run the same function several times, stealing assets from users’ wallets and users do not receive any notifications about the changes in ETH balance.
The vulnerability substantially resembles the one discovered during The DAO hacking back n 2016.
The Ethereum representatives confirmed they are aware of the situation. During the conference held Tuesday, Ethereum developers and representatives of other projects and Ethereum community agreed on the need for a delay of the hard fork until the issue is resolved. A new schedule is likely to be determined this Friday.
The current situation will reportedly affect the mining rewards for each block, which may decrease from 3 ETH to 2, and thus inflation is likely to decrease. At the same time, volatility is possible since the miners can strive to sell ETH to cover their inputs and increase revenue.