Infura - Issue of Consensus
Consensus isn’t just about agreement, it’s about changing things around.
There were problems across the Ethereum network today as consensus flaws were hit on mainnet.
Services running older versions of geth nodes found themselves stuck on a minority chain, creating a knock-on effect for all apps that were reliant on them.
Most users learnt of the issue when the Infura API went down. Infura is the largest node provider on the Ethereum network, providing tools and infrastructure to some of the most commonly used Web 3.0 apps and CEXs, such as MetaMask, Uniswap and Binance.
The service degradation of Infura revealed that Binance either relies on Infura or is running outdated nodes, neither of which is appropriate for such a large exchange.
Although it may seem odd that Infura was not running the latest geth versions, it makes sense that such a large-scale operator would not be moving straight onto the latest version, as without a hard fork, there’s no urgent reason to switch from stable, working code to an unknown one. The search and analytics engine Blockchair also experienced issues, releasing the following tweet:
We're experiencing an issue with our #Ethereum explorer and working on a fix. It seems like there is a chain split, and some nodes (including ours and some miners') are stuck on a minority chain.
Lead developer at Blockchair, Nikita Zhavoronkov, reported receiving the following error:
########## BAD BLOCK #########
<…>
Error: invalid merkle root (remote: 57cc91ee8b91b956592a27b14386abc2aba723b5f4f9e5d3181ace6b5d3cd433 local: 1f9ee59bfa683a25c7a15b626995a3ad7c58c571b40df96eea31e5c5eed9732d)
There were two serious vulnerabilities found in the geth network, both of which were found by John Youngseok Yang (Software Platform Lab), earning him 20k points on the Ethereum Bounty Program leaderboard.
To avoid exploitation, consensus flaws are not discussed on GitHub Issues, so the specific details of the vulnerabilities are not yet known. For those who are keen to know more about the technical details, Mhswende states that
“There may well be a write-up or devcon presentation about this in the future”
In order to minimise disruption, the Ethereum developers decided to hard fork.
As Péter Szilágyi wrote on Twitter:
It was an "unannounced hard fork" (from a bad chain to the good one). That said, silently fixing a bug dormant for 2+ years has a much lower chance of causing a disruption than raising awareness to it. We strive to minimize potential damage.
For anyone complaining about the outage of Infura, this incident should serve as a timely reminder to keep your node/s up to date, as once you delegate your node to another party, it’s their decision how they conduct their business.
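One way an operator could notice that their own node has ended up on a minority chain, as in the split described above, is to compare block hashes at a shared height across independently run endpoints. This is an added example, not code from this article, geth or Infura; the endpoint names, heights and hashes are constructed, and the depth and lag thresholds are assumptions.

```python
import json
import urllib.request
from collections import Counter

def rpc(url, method, params):
    """Minimal JSON-RPC 2.0 call to an Ethereum node endpoint."""
    body = json.dumps({"jsonrpc": "2.0", "id": 1, "method": method, "params": params})
    req = urllib.request.Request(url, data=body.encode(),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["result"]

def sample(urls, depth=6):
    """Return (heads, hashes): each endpoint's head height and its block hash
    at one shared height, `depth` blocks below the lowest head."""
    heads = {u: int(rpc(u, "eth_blockNumber", []), 16) for u in urls}
    height = hex(min(heads.values()) - depth)
    hashes = {u: rpc(u, "eth_getBlockByNumber", [height, False])["hash"] for u in urls}
    return heads, hashes

def assess(heads, hashes, own, max_lag=20):
    """Classify our node against independent endpoints.
    'minority': a strict majority reports a different block than ours
    'split':    endpoints disagree, but no strict majority opposes us
    'behind':   hashes agree, but our head trails the best head by > max_lag
    'agree':    same block everywhere and our head is current"""
    counts = Counter(h.lower() for h in hashes.values())
    if len(counts) > 1:
        top_hash, top_n = counts.most_common(1)[0]
        if top_hash != hashes[own].lower() and top_n > len(hashes) / 2:
            return "minority"
        return "split"
    if max(heads.values()) - heads[own] > max_lag:
        return "behind"
    return "agree"

# Constructed sample: hypothetical endpoint names, made-up hashes and heights.
GOOD, BAD = "0x" + "ab" * 32, "0x" + "cd" * 32
SAMPLE_HEADS = {"own-node": 1000, "provider-a": 1003, "provider-b": 1002, "provider-c": 1003}
SAMPLE_HASHES = {"own-node": BAD, "provider-a": GOOD, "provider-b": GOOD, "provider-c": GOOD}

if __name__ == "__main__":
    print(assess(SAMPLE_HEADS, SAMPLE_HASHES, "own-node"))  # minority
```

The comparison only means something if the endpoints are operated independently; several front ends that all forward to the same provider count as one vote.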
Infura have been transparent about the whole affair, and are clearly working hard to fix the problem.
Infura is now back online; status updates can be found here.
The outage of Infura has made many of us realise how dependent we are on this single entity.
This is a centralised service acting as a gatekeeper to our decentralised system.
Individuals and institutions alike need to consider their approach going forward.
The perceived competence of large trusted exchanges such as Binance and Bithumb has fallen, as they were forced to disable ETH and ERC-20 withdrawals during the outage, despite having a responsibility to their users to not be affected by such incidents.
We cannot rely on Infura to this extent. Due to MetaMask’s default dependency on the centralised node provider, the entire Ethereum network became temporarily desolate, and gas shrank to only 12 gwei.
This is proof of an unhealthy dependence, and a clear indicator of the potential harm that could arise from such a dependency.
Do we want our digital society to reproduce the same mistakes as elsewhere, reliant on centralised single points of failure?
We’ve built a free internet but given it to a small group of centralised authorities - Chrome, Safari, Brave... We’ve built an alternative internet where the original values of anonymity and decentralisation live on, yet we label it the Dark Net and access is limited to alternative, often blocked software.
We can’t let the same thing happen to cryptocurrency.
David Mihal wrote:
Today's Infura outage sent users scrambling to find an alternative RPC provider.
I just threw together http://ethereumnodes.com to be a central list of public, free RPC endpoints & their current status.
Michael O’Rourke pointed out:
If your Metamask is down you can change the RPC provider to Pocket with the following URL
https://eth-mainnet.gateway.pokt.network/v1/5f3453978e354ab992c4da79…
Any failure of consensus is a serious issue. An unannounced hard fork suggests that these vulnerabilities, left unchecked, could have been very harmful to Ethereum.
Fortunately, thanks to the keen eyes of bug bounty hunters and the diligent work of Ethereum developers, no damage was done, and as Nikita Zhavoronkov wrote on Twitter, the fix appears to be quite simple...
Images from 12 Angry Men