Hello Validators and Node Operators,
As you might be aware, the
go-ethereum team released v1.10.8 yesterday to address a security vulnerability in their Ethereum client. The
celo-blockchain client is a fork of
cLabs developers analyzed the changes in order to determine the vulnerability’s implications and whether Celo was vulnerable. We determined that the bug fixed in
go-ethereum v1.10.8 is present in Celo’s blockchain client, but that fixing it safely would have to be done as a hard fork.
We also determined that the bug only manifests itself in an extreme edge case, so that it can result only in specifically crafted smart contracts executing incorrectly. Therefore, there’s no possibility of loss of funds with this bug. Since Celo only has a single client implementation, it cannot lead to a consensus failure and the network stalling. We therefore decided that the fix is not urgent and does not warrant its own hard fork. Instead, we will include the fix in the upcoming regularly-scheduled “E” hard fork. We believe that neither network availability or safety of funds are at risk.
We will be covering this briefly in tomorrow’s Celo’s All-Core Dev Call as part of the E-Hardfork agenda and other topics.
We look forward to seeing you there.
The cLabs Team