In recent days, the Ethereum blockchain has split in two.

A chain split has occurred on the Ethereum mainnet. The issue was resolved in the v1.10.8 release announced previously. Please update your nodes, if you haven’t already! – Go Ethereum (@go_ethereum) August 27, 2021

The problem is complex and, although the solution already exists, it cannot yet be said to be completely solved.

The issue concerns Geth, the most popular client for running an Ethereum node. There are currently 3,988 synchronized nodes on the Ethereum network, of which 2,886 (72%) use this client.

Older versions of Geth contained a bug that attackers exploited to create a second, modified chain.

The bug had been known to the Geth development team for some time, and on August 24 the team released the corrected version of the software, namely 1.10.8.

PSA: On Tuesday Aug 24th, Geth will issue a hotfix to a high severity security issue. Please make any necessary preparations to upgrade to the upcoming release (v.1.10.8). #ethereum #geth – Go Ethereum (@go_ethereum) August 18, 2021

Unfortunately, although the release announcement explicitly stated that the new version contained a hotfix for a very serious security problem, initially only 30% of the nodes updated the client to the new version.

The nodes of Ethereum

Currently, only 62% of the 2,895 Ethereum nodes that use Geth have updated to the latest version, so 1,089 nodes remain exposed to the attack. This is 27% of the total synchronized nodes of the Ethereum network.

Although the Geth development team has never publicly disclosed the nature of the bug, in order to prevent it from being easily exploited, after the publication of the announcement on August 18 some malicious people found it and exploited it to prevent nodes that still use the old client version from adding blocks.

However, given that the Ethereum protocol trusts the longest chain in the case of a chain split like this, and given that 73% of nodes are not affected by the bug, the network has continued to work, so much so that users of ETH and the various ERC-20 tokens barely noticed.

Also, at the time of the exploit, most ETH miners were already using clients unaffected by this bug, so most of the hash power continued to operate on the correct chain. Initially some powerful miners, including BTC.com, Binance and Flexpool, were still using the old versions of Geth, but once contacted by the Geth team and warned of the serious problem, they updated their clients, effectively resolving the bulk of the problem.

Finally, it should be remembered that nowadays the vast majority of wallets do not download and verify the entire blockchain, partly because Ethereum's weighs as much as 345 GB, but instead trust the data they acquire from a certain number of nodes. In theory all nodes should have stored the exact same blockchain, so problems can arise only in the case of a split. However, since the vast majority of nodes are no longer affected by the problem, Ethereum wallets work correctly.

How to deal with this bug

Whoever owns and manages a node of any decentralized and permissionless network has no obligation or duty to keep the software up to date. This means that in cases like this one can only hope that as many nodes as possible are updated. Even when operators are warned in time that an update is necessary, the response is not always immediate, even if the problem is serious.

Usually, however, in these cases it is sufficient to wait for as many node managers as possible to realize the existence of the problem and update.
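For an operator running several nodes, the update status described above can be checked from the client version string each node reports (for example through the `web3_clientVersion` JSON-RPC method). The following is an added example, not code from the Geth project. It assumes that every Geth release before 1.10.8 needs updating, since the page names only the fixed release. The sample strings, the class labels and the function names are constructed for illustration.

```python
import re
from collections import Counter

FIXED = (1, 10, 8)  # release the page names as containing the hotfix

# Geth reports "Geth/[identity/]vX.Y.Z-<tag>-<commit>/<os-arch>/<go version>".
_VERSION = re.compile(r"^v(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$")


def classify(client_version: str) -> str:
    """Return 'patched', 'pre-fix', 'other-client' or 'unparsed'."""
    parts = client_version.strip().split("/")
    if parts[0].lower() != "geth":
        return "other-client"
    # An operator-set identity may sit between the name and the version,
    # so scan the remaining fields instead of assuming a fixed position.
    for field in parts[1:]:
        m = _VERSION.match(field)
        if m:
            version = tuple(int(g) for g in m.groups())  # numeric, so 1.9 < 1.10
            return "patched" if version >= FIXED else "pre-fix"
    return "unparsed"


def audit(client_versions):
    """Summarise a fleet: counts per class and share of Geth nodes not confirmed patched."""
    counts = Counter(classify(v) for v in client_versions)
    geth = counts["patched"] + counts["pre-fix"] + counts["unparsed"]
    # Unparsed Geth strings count as exposed: fail closed until checked by hand.
    exposed = counts["pre-fix"] + counts["unparsed"]
    share = exposed / geth if geth else 0.0
    return counts, share


# Constructed sample strings (commit ids and identities are made up).
SAMPLE = [
    "Geth/v1.10.8-stable-aaaaaaaa/linux-amd64/go1.16.7",
    "Geth/v1.10.7-stable-bbbbbbbb/linux-amd64/go1.16.6",
    "Geth/validator-01/v1.10.6-stable-cccccccc/linux-amd64/go1.16.5",
    "Geth/v1.9.25-stable-dddddddd/windows-amd64/go1.15.6",
    "Geth/custom-build/linux-amd64/go1.16.7",
    "OpenEthereum/v3.3.0-rc.4-stable/x86_64-pc-linux-gnu/rustc1.52.1",
]

if __name__ == "__main__":
    counts, share = audit(SAMPLE)
    print(dict(counts), f"{share:.0%} of Geth nodes not confirmed patched")
```

Versions are compared as integer tuples because a plain string comparison would rank 1.9.25 above 1.10.8 and report an old node as patched.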