[Again … and by a simple Remote Procedure Call (RPC)]
Parity, which is a popular technology stack for Ethereum users, said it had received notification of a loophole which would allow an attacker to shut down nodes running its client.
“On February 3rd, we received several reports that an attacker can send a specially-crafted RPC request to a public Parity Ethereum node (any version pre 2.2.9-stable and pre 2.3.2-beta) and that node will crash,” officials summarized.
On social media, Parity confirmed it had issued a patch to fix the vulnerability within hours, with nodes running the affected versions nonetheless required to update their software.
“While the vulnerability only directly affects Parity Ethereum nodes that serve JSONRPC as a public service (e.g., Infura, [MyEtherWallet], MyCrypto, etc), we recommend everyone to update their nodes immediately,” a tweet read.
In late 2017, one user of Parity’s Ethereum (ETH) wallet accidentally quarantined 513,774.16 ETH (around $54 million). In April 2018, an Ethereum Improvement Proposal (EIP) that would restore a disabled contract to unfreeze the funds was voted down.
In June 2018, another vulnerability discovery led to a similar request to install node updates.
Last month, the organization received a grant from the nonprofit Ethereum Foundation worth $5 million to fund development on Casper, sharding and infrastructure.