Buggy Code Release Knocks 13% of Ethereum Nodes Offline

A “critical bug” has left 13% of Ethereum nodes useless, highlighting what is a growing chink in the network’s armor: client centralization.

First hinted at in May and June on GitHub, minority clients Parity-Ethereum and OpenEthereum versions 2.7 and later contain an unknown critical bug that stops nodes from syncing with the network’s latest block.

Such bugs would be a normal issue if it weren’t for the length of time it will take to fix (weeks to months) and additional strain it’ll place on the majority client, Geth.

Clients themselves are different programming language implementations of blockchain software. Running multiple implementations together is considered a way to thwart network attacks by having concurrent yet separate systems running.

It’s proven to be a helpful model historically. For example, the 2016 Shanghai attacks saw Geth momentarily shut down following a distributed denial of service (DDOS) attack. Parity-Ethereum managed to keep the network afloat single handedly.

The Ethereum Foundation-backed Geth client now supports some 80% of the $43 billion network. This dependency is a recognized attack vector that has forced developers to postpone the July hard fork, Berlin, so minority clients could gain some traction. 

Yet, eight weeks later Geth’s pie share has only grown larger. And it’s likely to climb as these broken node operators have a decision on their hands: turn off their client, back up to an old client version or swap to another client entirely.

Geth did not return questions for comment by press time.

It was an open secret among Ethereum developers that the Parity-Ethereum client was not up to spec. Indeed, OpenEthereum project manager Marcelo Ruiz de Olano told CoinDesk in a private message that his team found both unresolvable and “very severe issues affecting memory and disk usage.”

Parity Technologies, which originally founded the Parity-Ethereum client, stepped away from maintenance in December 2019, citing costs. The client was then handed off to a decentralized autonomous organization (DAO) of developers funded by ConsenSys spinout Gnosis, called OpenEthereum.

A cursory glance comparing Geth’s and Parity-Ethereum’s codebase commits on GitHub, particularly after the December transition, leads to some more questions about the latter’s codebase integrity, as noted by non-custodial marketplace LocalCryptos in a May tweet.

In the meantime, the OpenEthereum team has urged node operators to turn back the clock to 2019’s version 2.5 to bring nodes back online. De Olano said he has four engineers on the project alone and hopes to have a workable client by mid-September. Still, client diversification will remain an issue without additional support, he said.

“Ultimately this is a community project to increase the client diversity in Ethereum and everyone’s help is appreciated,” de Olano said.