Creating a list of critical vulnerabilities has the potential to lead to adverse financial consequences and puts the Ethereum network at risk, says Geth team leader Peter Silagyi.
On Friday, during a conference call, leading developers of the second most capitalised cryptographic currency raised the issue of what happened earlier this week, „an unannounced hardfork“.
On 11 November, Infura and several other Ethereum infrastructure services faced service interruptions. This caused a delay in the flow of ETH quotations and ERC-20 tokens, and some exchanges stopped withdrawing funds.
It later turned out that the interruptions were due to consensus errors in older versions of Geth’s client. Due to the fact that part of the network has not been updated to the latest version, Ethereum was split into two circuits on block 11234873.
In a comment from CoinDesk, Summa’s founder, James Prestvich, stated that it is common in open source software to give advance notice to those affected by a vulnerability. He believes that Geth representatives should have informed users about possible problems.
The head of Geth, Peter Silagyi, said that exposing vulnerabilities puts the system at risk. Such information, he said, can not only reach the attackers, but also give some projects an unjustified competitive advantage. For example, such an advantage in case of prior disclosure of a bug could be obtained by Infura representatives.
Szilagyi believes that developers should continue to follow the current approach, i.e. not to spread information about vulnerabilities. He did, however, agree that Geth should have informed users about the existence of vulnerabilities in earlier versions of the client.
The developer of Ethereum, Mika Zolto, also opposed the creation of a list of notifications about critical vulnerabilities.
In September, Ethereum co-founder Vitalik Butterin said that a potential 51% attack on the ETH 2.0 network would not be fatal.