New Parity Update Addresses RPC Request Crashing Ethereum Network Nodes

In 2019, not a week goes by in the cryptocurrency industry without some sort of worrisome development. Parity, one of the more popular technology stacks in the Ethereum ecosystem, has issued a major security alert. It seems a new attack vector against network nodes has been uncovered which could ultimately force network nodes offline. Luckily, a fix is ready to be downloaded.

Parity Security Bug Is Worrisome

As has become the standard in the cryptocurrency industry, security warnings should not be taken lightly. Every potential bug, flaw, or exploit needs to be addressed as quickly as possible. It is also up to individual users and network participants to ensure they are up-to-date in terms of both software and information. For those users who run Parity Ethereum nodes, the latest security alert will be rather worrisome, all things considered.

To put this in perspective, a new attack vector was reported to the Parity team over the weekend. It quickly became apparent that malicious actors could effectively take network nodes offline by forcing them to crash. This is done through a very specific RPC request which can be sent to any public Parity Ethereum node on the network today. Anyone running a software version that is not 2.2.9-stable or 2.3.2-beta will remain susceptible to this attack, for the time being.

Although one always has to wonder if such an attack vector would be used, the fact it exists can pose many different problems. For network users, having their node kicked offline might not seem like a big problem, yet it can disrupt overall Ethereum network operations if enough nodes suffer from the same problem. It is good to see the Parity team address these problems in such a swift manner.

What is rather remarkable is how this bug can affect commonly used public network service providers. The list includes MyEtherWallet, MyCrypto, Infura, and other pieces of the Ethereum infrastructure which are publicly accessible. For the time being, it seems unlikely any attack will be carried out against these providers, although one cannot dismiss the possibility someone will at least try to wreak havoc sooner or later.

Updating one’s Parity software should not pose any significant problems as of right now. In fact, the updates are already available and users can download the new client accordingly. Upgrading Parity nodes shouldn’t take all that long either, although there will undoubtedly be some delays before all service providers are on board again. Some network nodes will be upgraded automatically, as explained in the original post.

The revelation of this new node bug is a great example of why bounty programs matter. They are invaluable in the ever-changing world of cryptocurrency. Without a system in place to make accurate reports regarding potential discrepancies, a problem on this scale could have remained unnoticed for weeks on end. Due to the bug bounty program, the matter was addressed swiftly, which is the way things should work.