The Ethereum Foundation has released information on the vulnerability fixed in the Berlin hard fork. The vulnerability was discovered back in 2019 and could lead to the shutdown of the Ethereum blockchain.
According to a blog post by the Ethereum Foundation, a vulnerability was discovered two years ago that posed a “serious threat to Ethereum” and was fixed after the Berlin hard fork was activated last month. The threat was “public knowledge,” and the developers say that it was once publicly disclosed by mistake. After the deployment of the Berlin hard fork, the Ethereum Foundation assessed the threat level as low enough to allow public disclosure of information about it:
“It is important for the community to be able to understand the reason for the changes that are negatively affecting the network experience, including higher gas prices.”
In the article, the developers explain that the state of Ethereum is organized as a Patricia-Merkle tree, conceptually comparing new accounts on the Ethereum network to new leaves of the tree. As the Ethereum network has grown since October 2016, gas costs have been raised to protect against DDoS attacks, including through the controversial EIP-1884 proposal.
In 2019, Ethereum security researchers Hubert Ritzdorf, Matthias Egli, and Daniel Perez teamed up to test the vulnerability. The attack triggered random tree searches that could “lead to blocking in the minute range.” The researchers report that the delays caused by the attack will increase as the state of Ethereum grows, “allowing for effective DoS attacks on the network.”
After various developer proposals were turned down during 2020, Vitalik Buterin teamed up with Martin Swende to create EIP-2929 and EIP-2930. These updates raised gas prices “for tools that weren’t already available” to prevent an attack. The EIPs were rolled out as part of the Berlin update on April 15, 2021. According to the developers, the update reduced the vulnerability by a factor of 50.