Difference between revisions of "Geth"
From CryptoWiki
m (1 revision imported) |
(→Bugs) |
||
| Line 1: | Line 1: | ||
== Basics == | == Basics == | ||
* Main [[Ethereum (ETH)|Ethereum]] [[client]] | * Main [[Ethereum (ETH)|Ethereum]] [[client]] | ||
* By installing and running geth, you can take part in the ethereum frontier live network and; [[Mining|mine]] ether, transfer funds between [[Address|addresses]], create contracts and send [[Transaction (Tx)|transactions]], explore [[block]] history | * By installing and running geth, you can take part in the [[ethereum]] [[frontier]] live network and; [[Mining|mine]] [[ether]], transfer funds between [[Address|addresses]], create [[contracts]] and send [[Transaction (Tx)|transactions]], explore [[block]] history | ||
* A official reference implementation of Ethereum (CLI) | * A official reference implementation of Ethereum (CLI) | ||
| Line 11: | Line 11: | ||
== Bugs == | == Bugs == | ||
* [https:// | * [https://newsletter.blockthreat.io/p/blockthreat-week-19-2022?token=eyJ1c2VyX2lkIjoxMzk3OTAwLCJfIjoicTgvVWsiLCJpYXQiOjE2NTMwNDQxOTMsImV4cCI6MTY1MzA0Nzc5MywiaXNzIjoicHViLTgxMDUiLCJzdWIiOiJwb3N0LXJlYWN0aW9uIn0.2LxsdvvkfjDi1zv_Gy0LzmKhuCpQtIEdVQ5FW6Lo8Ng&s=r From] Blockthreat (19-5-2022): | ||
''" | ''"Geth patched a DoS [https://github.com/ethereum/go-ethereum/security/advisories/GHSA-wjxw-gh3m-7pm5 vulnerability] caused by a malicious p2p message."'' | ||
* [https://rekt.ghost.io/infura-issue-of-consensus/ From] [[Rekt]] (10-11-2020): | *Geth has [https://www.coindesk.com/tech/2021/08/24/ethereums-most-popular-software-client-issues-hotfix-to-high-severity-bug/ issued] a hotfix to a high-severity security issue in its code (24-8-2021). | ||
''"There were two serious vulnerabilities found in the geth network, both of which were found by [[John Youngseok Yang]] (Software Platform Lab), earning him 20k points on the Ethereum Bounty Program [https://bounty.ethereum.org/ leaderboard]. In order to minimise disruption, the Ethereum developers decided to hard fork.'' | *[[Samczsun|Samczun]] [https://www.paradigm.xyz/2021/03/the-block-mined-in-january-584942419325/ has] [https://www.paradigm.xyz/2021/05/booby-trapping-the-ethereum-blockchain/ written] (27-5-2021) about bugs he found within go-ethereum (Geth). The first one was a bug in Geth’s uncle validation routine which did not behave correctly given a specially crafted uncle. If exploited, this could have caused an accidental [[fork]] between Geth and [[Parity]] [[nodes]]. And the second one was a bug in Geth’s [[state]] downloader which could be used to trick it into syncing with [[mainnet]] incorrectly. If exploited, an attacker could have booby trapped the Ethereum [[blockchain]] and triggered a [[Hard Fork|hard fork]] at will. | ||
*[https://rekt.ghost.io/infura-issue-of-consensus/ From] [[Rekt]] (10-11-2020): | |||
''"There were two serious vulnerabilities found in the geth network, both of which were found by [[John Youngseok Yang]] (Software Platform Lab), earning him 20k points on the Ethereum Bounty Program [https://bounty.ethereum.org/ leaderboard]. In order to minimise disruption, the Ethereum developers decided to [[hard fork]].'' | |||
''Services running older versions of geth nodes found themselves stuck on a minority chain, creating a knock-on effect for all apps that were reliant on them. Most users learnt of the issue when the [[Infura]] [[API]] went down."'' | ''Services running older versions of geth nodes found themselves stuck on a minority chain, creating a knock-on effect for all apps that were reliant on them. Most users learnt of the issue when the [[Infura]] [[API]] went down."'' | ||
*[https://email.mg2.substack.com/c/eJxVkU-P2jAQxT8NuYEcO3_IwQcKhYbuBm0FdHcvyLEnYHDibOIQnE9fAz20kkcevfGbJ_nHmYGjbiytdWu8roXmIAX1SRInCHmCBsKfhlNPtoeiASiZVNQ0HXh1lyvJmZG6uhtCPE2Id6JhngD3URzFOCIhi4KiiAVPsCgK5HMcePeYA-uEhIoDhSs0VlfgKXoypm5HZDbCS3fMCYTLssce5KTt8tYwfplwXbpZ7YqNDVMw1sW47JSRteu5cjtNO3bW8cM7IkujL1CNyALs2qXv7TtWl_Ssb6_DhWy2s_5lvu5zkqG_Os62KXHVpqU6iXkavW53YbZIb9l5F27mvWTv2eDeSf5jL1-2O7tZXIZU9pKTvXzoq2QQc99-_l6exUpdc7lOJln3lmocBzON3j5-rvvBrhbf8qDgwe1qNx_fk7df7IS-yttn70mKEUYoRlOfhBGZTvxJW7KAJFImX2wUoPKI__sPr6GDUG5QN9ro6g7oITs-B3eXXSWNPUDFcgXiic48WT9IGFsDraBvFRgDzVN0PKMQxyH2XJLQbmdF_wXyBznawl4 From] [[Daily Gwei]] (8-7-2020): | |||
* | ''"The most famous was the “[https://email.mg2.substack.com/c/eJw1kMuOwyAMRb-m7BLxSBqyYNHN_EbEw01RCWTATJX5-iGtRrJs61rXlo_VCGvKh9pTQVIL5MU7xcQ8zZQSpwbH5CiJL8s9A2zaB4W5AtmrCd5q9CmehpHLWZCHultj3QBSjGaQ94GCmzRzRjvBKDdWkvPMoqvzEC0o-IF8pAgkqAfiXi7iduFfLUxIaw_4gAx161Nem8Ypu7ZC57PnLf3Puwj4SvnZ2ZozRAxHV6ODvCYf186l0mlEbZ_NQrzilFM6UcnEeBWyZ33Z9CBm7-dvfRnotvK-VFNOQ2_TRrL6daEN9pwwxZPAW24Alla3Gj0eC0RtArgPG_zAfL-Kxw4qwqsEQIT8ERuw68inkZN2yaW2M6r2i2u7j_UF_g82B4uY Shanghai DoS Attacks]” of late 2016. This attack basically took Geth nodes offline which meant the network was relying on [[Parity]] Ethereum to handle the load. Obviously this is a perfect example of why having a multi-client network is hugely beneficial - if Ethereum was just relying on Geth then the entire network would have been taken down with this attack."'' | ||
== Team == | == Team == | ||
* Maintained by the [[Ethereum Foundation]] | * Maintained by the [[Ethereum Foundation]] | ||
* Péter; lead dev | * Péter; lead dev | ||
[[Category:Companies/Organisations]] | [[Category:Companies/Organisations]] | ||
Revision as of 06:29, 22 May 2022
Basics
- Main Ethereum client
- By installing and running geth, you can take part in the ethereum frontier live network and; mine ether, transfer funds between addresses, create contracts and send transactions, explore block history
- A official reference implementation of Ethereum (CLI)
- Golang client of the go-ethereum
- Go is easy to build, code and read but loses some of the speed.
- The command line interface for running a full ethereum node implemented in Go. It is the main deliverable of the Frontier Release
- Other CLI’s are eth; C++ & Pyethapp
Bugs
- From Blockthreat (19-5-2022):
"Geth patched a DoS vulnerability caused by a malicious p2p message."
- Geth has issued a hotfix to a high-severity security issue in its code (24-8-2021).
- Samczun has written (27-5-2021) about bugs he found within go-ethereum (Geth). The first one was a bug in Geth’s uncle validation routine which did not behave correctly given a specially crafted uncle. If exploited, this could have caused an accidental fork between Geth and Parity nodes. And the second one was a bug in Geth’s state downloader which could be used to trick it into syncing with mainnet incorrectly. If exploited, an attacker could have booby trapped the Ethereum blockchain and triggered a hard fork at will.
"There were two serious vulnerabilities found in the geth network, both of which were found by John Youngseok Yang (Software Platform Lab), earning him 20k points on the Ethereum Bounty Program leaderboard. In order to minimise disruption, the Ethereum developers decided to hard fork.
Services running older versions of geth nodes found themselves stuck on a minority chain, creating a knock-on effect for all apps that were reliant on them. Most users learnt of the issue when the Infura API went down."
- From Daily Gwei (8-7-2020):
"The most famous was the “Shanghai DoS Attacks” of late 2016. This attack basically took Geth nodes offline which meant the network was relying on Parity Ethereum to handle the load. Obviously this is a perfect example of why having a multi-client network is hugely beneficial - if Ethereum was just relying on Geth then the entire network would have been taken down with this attack."
Team
- Maintained by the Ethereum Foundation
- Péter; lead dev
