Author: Sophia Brown

[Last update: July 5, 2016] The Ethereum Foundation and Wanxiang Blockchain Labs are excited to jointly announce the International Blockchain Week in Shanghai, which will take place at Hyatt on the Bund, September 19–24, 2016. Both Ethereum’s Devcon and Wanxiang Blockchain Labs’ Global Blockchain Summit were sold out last year with great interest and anticipation for this year’s events. Now, people who wish to attend both events can do so in the same week. The combined event features a unique three-segment format that allows people to attend any combination of days that best addresses their needs. Two new features include…

After almost three months into the “reboot” of the C++ team, I would like to give an update about the team itself, what we did and what we plan to do. Team update The so-called C++ team currently consists of Paweł Bylica (@chfast), Greg Colvin (@gcolvin), Liana Husikyan (@LianaHus), Dimitry Khokhlov (@winsvega), Yann Levreau (@yann300), Bob Summerwill (@bobsummerwill), me (@chriseth) and (kindly “donated” by Eris Industries) RJ (@VoR0220). Paweł is the original author of the llvm-based EVM-to-native just-in-time compiler, re-joined in April and will continue improving the JIT. Greg joined in February and already achieved substantial speedups for the C++ implementation…

Special thanks to Tim Swanson for reviewing, and for further discussions on the arguments in his original paper on settlement finality. Recently one of the major disputes in ongoing debate between public blockchain and permissioned blockchain proponents is the issue of settlement finality. One of the simple properties that a centralized system at least appears to have is a notion of “finality”: once an operation is completed, that operation is completed for good, and there is no way that the system can ever “go back” and revert that operation. Decentralized systems, depending on the specific nature of their design, may…

Affected configurations: All Go client versions  Likelihood: Very low Severity: High Details: A bug in Geth (and potentially other clients) may suffer from a DoS attack and allows remote attackers to stall synchronisation process almost indefinitely by supplying a valid, lighter chain. More information will be given out a later time including the report that was submitted through the bug bounty program. Effects on expected chain reorganisation depth: None Proposed temporary workaround: None Remedial action taken by Ethereum: Provision of hotfixes as below: If you’re using Mist: download the updated binary from the release page If using the PPA: sudo apt-get update then sudo apt-get upgrade If using brew: brew update then brew…

Affected configurations: cpp-ethereum (eth, AlethZero, …) version 1.2.0 up to 1.2.5 (fixed in 1.2.6) Note: Neither “geth” nor “Mist” nor the “Ethereum Wallet” (unless explicitly used together with cpp-ethereum) are affected by this, they lock accounts correctly again.Severity: HighPossible Attacks:</stro… Source link

The Ethereum Virtual machine is kind of different than most other Virtual Machines out there. In my previous post I already explained how it’s used and described some of its characteristics. The Ethereum Virtual Machine (EVM) is a simple but powerful, Turing complete 256bit Virtual Machine that allows anyone to execute arbitrary EVM Byte Code. The go-ethereum project contains two implementations of the EVM. A simple and straightforward byte-code VM and a more sophisticated JIT-VM. In this post I’m going to explain some of the differences between the two implementations and describe some of the characteristics of the JIT EVM and why it can be so…

Affected configurations: cpp-ethereum (eth, AlethZero, …) version 1.2.0 up to 1.2.6 Note: Neither “geth” nor “Mist” nor the “Ethereum Wallet” (unless explicitly used together with cpp-ethereum) are affected by this, they lock accounts correctly again. This is just a quick head’s up that cpp-ethereum’s security issue around account security is not yet properly fixed. The fix that is part of cpp-ethereum version 1.2.6 did not decrease the security, but it also did not fix the bug completely. We will work towards another bugfix release and announce it once the fix is properly verified. A fix is now available: Release 1.2.7…

Solidity was started in October 2014 when neither the Ethereum network nor the virtual machine had any real-world testing, the gas costs at that time were even drastically different from what they are now. Furthermore, some of the early design decisions were taken over from Serpent. During the last couple of months, examples and patterns that were initially considered best-practice were exposed to reality and some of them actually turned out to be anti-patterns. Due to that, we recently updated some of the Solidity documentation, but as most people probably do not follow the stream of github commits to that…

London, United Kingdom, June 14, 2016 – The Ethereum Foundation is pleased to announce Microsoft as the Premiere Sponsor of Devcon2, the Ethereum developer conference in Shanghai, 19-21 September, 2016. Devcon2, which will showcase the most up-to-date research and development work supported by the Foundation, also represents the most comprehensive Ethereum-focused developer’s conference to date. The Ethereum Foundation’s Chief Scientist, Vitalik Buterin, notes that “We are very happy to have Microsoft’s sponsorship for Devcon2 and highly appreciate their continued support and collaboration with the Ethereum Foundation and the Ethereum ecosystem. We look forward to continuing to work together in the…

An attack has been found and exploited in the DAO, and the attacker is currently in the process of draining the ether contained in the DAO into a child DAO. The attack is a recursive calling vulnerability, where an attacker called the “split” function, and then calls the split function recursively inside of the split, thereby collecting ether many times over in a single transaction. The leaked ether is in a child DAO at https://etherchain.org/account/0x304a554a310c7e546dfe434669c62820b7d83490; even if no action is taken, the attacker will not be able to withdraw any ether at least for another ~27 days (the creation window for…