Author: Olivia Martinez

On December 16, we were made aware that someone had recently gained unauthorized access to a database from forum.ethereum.org. We immediately launched a thorough investigation to determine the origin, nature, and scope of this incident. Here is what we know: The information that was recently accessed is a database backup from April 2016 and contained information about 16.5k forum users.The leaked information includes Messages, both public and privateIP-addressesUsername and email addressesProfile informationHashed passwords ~13k bcrypt hashes (salted)~1.5k Wordpress-hashes (salted)~2k accounts without passwords (used federated login) The attacker self-disclosed that they are the same person/persons who recently hacked Bo Shen.The attacker…

December marks a month of continued progress in the Ethereum ecosystem. Research on proof of stake and sharding continues after the research team’s workshop in Singapore in November, the light client slowly keeps getting better, Whisper and Swarm keep moving forward, and discussions on protocol economics and community governance continue to mature. First, privacy technologies on Ethereum, and particularly zk-SNARKs (or “zero knowledge proofs”), have been rapidly moving forward. Vlad Zamfir has taken it upon himself to explain the history behind Casper, from his point of view: On proof of stake from myself: Vlad has also taken it upon himself to rail against…

The first version of the Light Ethereum Subprotocol (LES/1) and its implementation in Geth are still in an experimental stage, but they are expected to reach a more mature state in a few months where the basic functions will perform reliably. The light client has been designed to function more or less the same as a full client, but the “lightness” has some inherent limitations that DApp developers should understand and consider when designing their applications. In most cases a properly designed application can work even without knowing what kind of client it is connected to, but we are looking into…

Members of the Ethereum R&D team and the Zcash Company are collaborating on a research project addressing the combination of programmability and privacy in blockchains. This joint post is being concurrently posted on the Zcash blog, and is coauthored by Ariel Gabizon (Zcash) and Christian Reitwiessner (Ethereum). Ethereum’s flexible smart contract interface enables a large variety of applications, many of which have probably not yet been conceived. The possibilities grow considerably when adding the capacity for privacy. Imagine, for example, an election or auction conducted on the blockchain via a smart contract such that the results can be verified by any…

During the last month and a half, the Ethereum core development and research teams have been building upon the progress made in the last year, and with the specter of last year’s security issues now well behind us, work has begun in full force on implementing the Metropolis hard fork. First, ongoing progress on the collaboration with the Zcash team and the implementation of zk-SNARKs: On the proof of stake front, myself and Vlad and others have continued to solidify the Casper specification and converge on a roadmap. A key focus of our work has been on a notion of…

It’s been a fairly busy for the last couple of months for the Ethereum javascripters. To start with, there was a really great hackathon with IPFS. You can read Dan Finlay’s excellent write up here. Also, during this time Aaron Davis (Kumavis) made some excellent progress towards a JS light client by utilizing IPFS’s libp2p to build a in-browser mesh network and IPLD to provide the merklization layer. This will be important work in the future for building pure in-browser clients. Also Casey Detrio worked on a standard json RPC test suite, which you can see the results of here. After the Seattle Meetup,…

The last one and a half months have seen great progress for Ethereum research, and we are excited that the protocol is moving closer and closer to the point where it is ready for mainstream adoption. Progress on consensus algorithms, privacy, zero knowledge proofs and formal verification is happening at increasing speed, and our research and development teams are expanding substantially. After three years of trying to find solutions to the “nothing at stake” and “stake grinding” attacks, we have decided that the problem is too hard, and secure proof of stake is almost certainly unachievable. Instead, we are now…

The last one and a half months have seen great progress for Ethereum research, and we are excited that the protocol is moving closer and closer to the point where it is ready for mainstream adoption. Progress on consensus algorithms, privacy, zero knowledge proofs and formal verification is happening at increasing speed, and our research and development teams are expanding substantially. A large amount of progress has been made on Casper. You can find a few Medium posts describing the algorithm here: And a few blog posts from Yoichi formally proving correctness: And on “Vlad Casper”: And it’s not just…

Cramming in a lot more goodies than originally anticipated, the Go Ethereum team is proud to finally deliver the first incarnation of the 1.6 Geth release series! Glimpsing through the commit list, this is going to be a monster post! Toml configuration files For a very long time now, people were requesting that we support configuration files to aid in switching between different public and pirate chains. We didn’t focus much on private networks, so we’ve always pointed people towards using shell scripts in those cases. Although they are suitable for many scenarios, shell scripts aren’t portable across different operating…

A bug in the Solidity optimizer was reported through the Ethereum Foundation Bounty program, by Christoph Jentzsch. This bug is patched as of 2017-05-03, with the release of Solidity 0.4.11. Background The bug in question concerned how the optimizer optimizes on constants in the byte code. By “byte code constants”, we mean anything which is PUSHed on the stack (not to be confused with Solidity constants). For example, if the value 0xfffffffffffffffffffffffffffffffffffffffffffffffe is PUSHed, then the optimizer can either do PUSH32 0xfffffffffffffffffffffffffffffffffffffffffffffffe, or choose to encode this as PUSH1 1; NOT;. An error in the optimizer made optimizations of byte…