Difference between revisions of "Geth"
(→Bugs) |
m |
||
(One intermediate revision by the same user not shown) | |||
Line 3: | Line 3: | ||
* By installing and running geth, you can take part in the [[ethereum]] [[frontier]] live network and; [[Mining|mine]] [[ether]], transfer funds between [[Address|addresses]], create [[contracts]] and send [[Transaction (Tx)|transactions]], explore [[block]] history | * By installing and running geth, you can take part in the [[ethereum]] [[frontier]] live network and; [[Mining|mine]] [[ether]], transfer funds between [[Address|addresses]], create [[contracts]] and send [[Transaction (Tx)|transactions]], explore [[block]] history | ||
* A official reference implementation of Ethereum (CLI) | * A official reference implementation of Ethereum (CLI) | ||
*[[Golang]] client of the [[Go-Ethereum|go-ethereum]] | |||
* [[Golang]] client of the [[Go-Ethereum|go-ethereum]] | |||
* [[Go]] is easy to build, code and read but loses some of the speed. | * [[Go]] is easy to build, code and read but loses some of the speed. | ||
* The command line interface for running a full ethereum [[node]] implemented in Go. It is the main deliverable of the Frontier Release | * The command line interface for running a full ethereum [[node]] implemented in Go. It is the main deliverable of the Frontier Release | ||
*Other CLI’s are eth; [[C++]] & Pyethapp | |||
* | == Bugs == | ||
* [https://newsletter.blockthreat.io/p/blockthreat-week-11-2023 From] Blockthreat (3-2023): | |||
''"Geth patched a DoS vulnerability first discovered on [[Goerli]] Testnet."'' | |||
* [https://newsletter.blockthreat.io/p/blockthreat-week-19-2022?token=eyJ1c2VyX2lkIjoxMzk3OTAwLCJfIjoicTgvVWsiLCJpYXQiOjE2NTMwNDQxOTMsImV4cCI6MTY1MzA0Nzc5MywiaXNzIjoicHViLTgxMDUiLCJzdWIiOiJwb3N0LXJlYWN0aW9uIn0.2LxsdvvkfjDi1zv_Gy0LzmKhuCpQtIEdVQ5FW6Lo8Ng&s=r From] Blockthreat (19-5-2022): | * [https://newsletter.blockthreat.io/p/blockthreat-week-19-2022?token=eyJ1c2VyX2lkIjoxMzk3OTAwLCJfIjoicTgvVWsiLCJpYXQiOjE2NTMwNDQxOTMsImV4cCI6MTY1MzA0Nzc5MywiaXNzIjoicHViLTgxMDUiLCJzdWIiOiJwb3N0LXJlYWN0aW9uIn0.2LxsdvvkfjDi1zv_Gy0LzmKhuCpQtIEdVQ5FW6Lo8Ng&s=r From] Blockthreat (19-5-2022): | ||
''"Geth patched a DoS [https://github.com/ethereum/go-ethereum/security/advisories/GHSA-wjxw-gh3m-7pm5 vulnerability] caused by a malicious p2p message."'' | ''"Geth patched a DoS [https://github.com/ethereum/go-ethereum/security/advisories/GHSA-wjxw-gh3m-7pm5 vulnerability] caused by a malicious p2p message."'' | ||
Line 24: | Line 27: | ||
== Team == | == Team == | ||
* Maintained by the [[Ethereum Foundation]] | * Maintained by the [[Ethereum Foundation]] | ||
* Péter; lead dev | * [[Péter Szilágyi]]; lead dev ([https://x.com/peter_szilagyi/status/1857703746236788974 took] a sabbatical as of 11-2024). | ||
[[Category:Companies/Organisations]] | [[Category:Companies/Organisations]] |
Latest revision as of 03:01, 20 November 2024
Basics
- Main Ethereum client
- By installing and running geth, you can take part in the ethereum frontier live network and; mine ether, transfer funds between addresses, create contracts and send transactions, explore block history
- A official reference implementation of Ethereum (CLI)
- Golang client of the go-ethereum
- Go is easy to build, code and read but loses some of the speed.
- The command line interface for running a full ethereum node implemented in Go. It is the main deliverable of the Frontier Release
- Other CLI’s are eth; C++ & Pyethapp
Bugs
- From Blockthreat (3-2023):
"Geth patched a DoS vulnerability first discovered on Goerli Testnet."
- From Blockthreat (19-5-2022):
"Geth patched a DoS vulnerability caused by a malicious p2p message."
- Geth has issued a hotfix to a high-severity security issue in its code (24-8-2021).
- Samczun has written (27-5-2021) about bugs he found within go-ethereum (Geth). The first one was a bug in Geth’s uncle validation routine which did not behave correctly given a specially crafted uncle. If exploited, this could have caused an accidental fork between Geth and Parity nodes. And the second one was a bug in Geth’s state downloader which could be used to trick it into syncing with mainnet incorrectly. If exploited, an attacker could have booby trapped the Ethereum blockchain and triggered a hard fork at will.
"There were two serious vulnerabilities found in the geth network, both of which were found by John Youngseok Yang (Software Platform Lab), earning him 20k points on the Ethereum Bounty Program leaderboard. In order to minimise disruption, the Ethereum developers decided to hard fork.
Services running older versions of geth nodes found themselves stuck on a minority chain, creating a knock-on effect for all apps that were reliant on them. Most users learnt of the issue when the Infura API went down."
- From Daily Gwei (8-7-2020):
"The most famous was the “Shanghai DoS Attacks” of late 2016. This attack basically took Geth nodes offline which meant the network was relying on Parity Ethereum to handle the load. Obviously this is a perfect example of why having a multi-client network is hugely beneficial - if Ethereum was just relying on Geth then the entire network would have been taken down with this attack."
Team
- Maintained by the Ethereum Foundation
- Péter Szilágyi; lead dev (took a sabbatical as of 11-2024).