Upgrade Complete? Ethereum's New Software Isn't Quite Stable Yet

Ethereum's fork may have executed earlier this week, but that doesn't mean developers are ready to call the software transition complete.

One of the biggest-ever changes to the world's second-largest blockchain, ethereum's hard fork was a risky and complex process. To transition successfully, all nodes (the computers that run the software) were required to universally install upgrades – a transition that was expected and encouraged to occur simultaneously across the global platform.

However, in the case of the Byzantium fork, that's not exactly what happened.

As the upgrades were released mere days before the hard fork, a sizeable portion of the network has yet to make the shift. In fact, at press time, only 25.1 percent of Parityhttps://ethernodes.org/network/1/forkWatch/parity and 58.4 percent of Gethhttps://ethernodes.org/network/1/forkWatch/geth, the most popular ethereum clients, have upgraded, meaning roughly 45 percent of the network is running the new software.

The short testing runway also had other impacts: namely, previous iterations of the software were retracted due to critical faults that could have exposed the network to denial-of-service attacks, or created incompatibility between nodes, leading to a split of the network.

As a result, some may be wondering whether ethereum is safe to use, and given the state of affairs, this remains an open question. For one, there are a few types of faulty software clients out there, and several contain a "consensus bug" which could lead to the inadvertent creation of multiple ethereum blockchains.

For this reason, ethereum core developer Gavin Wood told CoinDesk he would "urge caution" to any major players taking on large-scale projects until the upgrade is deemed to be fully stable.

Risks remain

Aside from the faulty nodes that have yet to upgrade, there's also a chance of security bugs in the current Byzantium software.

The most severe and frequent of these is the consensus bug (as mentioned above), which occurs when nodes cannot communicate and the blockchain splits into incompatible chains. Developers are now said to be running tests to try and locate these risks, hoping to catch any before they active.

According to Wood, if the network does contain this bug, it will take time to show itself. "I don't think anyone believed the network was going to self-combust on block 4,370,000," Wood said.

Rather, if there is a problem, it will come to light over the following days.

And if this does happen, Wood is confident the developer team will release debugged software variations quickly, to avoid any excessive damage to the platform.

Regarding the faulty software that is already out there, lead security developer for ethereum Martin Holst Swende said this isn't a cause for concern.

If consensus splits happen as a result of running the old software, he assured: "They'll simply be dropped off the chain, [then] look into it and update their client."

Of course, ethereum is no longer monitoring these nodes, so if a bug does show up, it won't be visible on any of the blockchain explorers. Further, should the bug be exploited on the older software, we're unlikely to hear about it, beyond the "noise on Reddit," according to Holst Swende.

Lessons learned

However, speaking on an online forum, ethereum founder Vitalik Buterin wrote that one or two months of further testing will be required before Byzantium can be deemed fully secure.

This might seem like a long time for a software that has been under such heavy development, but that's not to say there wasn't extensive security tests prior to release. Speaking on Reddit, ethereum developer Afri Schoedon said that Byzantium code had been available for several weeks before the hard fork, and was consistently passing all security checks before the bugs were discovered.

Ethereum relies on a number of security screening processes, but the one that probably didn't get sufficient airtime prior to release is what's known as a "fuzzer" – an automated testing process that can draw out the most subtle of code weaknesses.

This is a new security check for ethereum, and as core developer Peter Szilagyi explained, "It takes polish and effort to really make it part of the workflows."

He continued: "Rest assured that the fuzzer will be a much more organic part of the next fork preparation."

The fuzzer is now running to ensure the safety of Byzantium, and, so far, no bugs have been discovered since the hard fork. And while the whole experience has led some developers to vouch for more careful updating in the future, the ethereum team doesn't seem keen on dialing back its more aggressive approach to blockchain upgrades.

As Schoedon said:

"Lesson learned for future hard forks. Probably we will only decide on a block number after all client implementations are prepared."

Seismograph image via Shutterstock