Ethereum was meant to get a major revamp this week. The software upgrade, which was scheduled to begin on January 16 and take a few days to complete, was supposed to introduce five new features designed to improve the blockchain network’s performance and set the stage for additional future upgrades. But after third-party researchers realized that one of the changes would make the network more vulnerable to hackers, the so-called “hard fork” had to be postponed at the last minute.
That decision was not merely an inconvenience for those who want Ethereum to evolve and eventually become a blockchain-based alternative to the web. It once again made clear that Ethereum may need to sacrifice some of its beloved “decentralization” if it is ever to achieve its ambitious mission
Postponed again. Four features of the upgrade, called Constantinople, were supposed to improve the speed, efficiency, and cost of transacting on the network. The fifth, which until this week had been the most controversial, would have changed the network’s economics by shrinking the cryptocurrency reward that currency “miners” receive in return for using their computing power to secure the blockchain. This move is designed to prepare miners for a planned move away from the current method of securing the chain, which rewards computing power above all.
Constantinople has been postponed once before. It was originally slated for last November, but developers discovered a bug while testing it in October and decided to delay the upgrade until January. Things were going smoothly this time until Tuesday night, when ChainSecurity, a startup that audits smart contracts, came across another potential problem.
Unintended consequences. The ChainSecurity team discovered a dangerous unintended consequence of one of Constantinople’s changes: certain smart contracts, small computer programs that are stored in Ethereum’s blockchain and designed to automatically move cryptocurrency around, would now be vulnerable to a type of malicious attack called “re-entrancy.” Attackers could have exploited the bugs to trigger a contract to do something it wasn’t supposed to do, like send them money so they could run off with it, according to ChainSecurity cofounder Petar Tsankov. Shortly after ChainSecurity flagged this for Ethereum’s developers, they decided to postpone Constantinople out of “an abundance of caution.”
Blockchain upgrades are hard (and controversial) enough. Ethereum, like Bitcoin and other blockchain systems, is maintained by a network of computers, called nodes, that run software designed to automatically verify transactions and add them to the chain. (Some of those nodes, the miners, race to solve a mathematical puzzle and earn a chance to add new sets, or “blocks,” of transactions.) For an upgrade to happen, node operators (or at least most of them) must agree to switch to a new version, a process called a “hard fork.” The name refers to the way the community effectively leaves the old system and its rules behind, “forking” in a new direction. Success requires getting community-wide buy-in; the more consequential the potential change, the more difficult it is to reach consensus on its merits.
Though most of the community appeared to be on board with Constantinople, many miners harbored misgivings about their rewards being cut. The risk is that the change will drive many miners to quit because they will be unable to profit, and mining power will become more concentrated, says Peter Pratscher, CEO of Bitfly, a Vienna-based startup that runs Ethermine, the network’s largest mining pool (Ethermine’s roughly 75,000 miners represent around a quarter of Ethereum’s total mining capacity.)
Blasts from the past. Hard forks aren’t always harmonious. Perhaps the most famous example occurred in 2016. After an attacker stole $50 million worth of ether (also, coincidentally, via a re-entrancy attack), Ethereum’s developers pushed an emergency hard fork to reverse the theft and return the funds. Since the change essentially changed Ethereum’s history, some felt the decision undermined the blockchain’s immutability and decided to keep mining the original chain, whose new (old) token became known as Ethereum Classic (and where the attacker still held the funds). Ethereum’s loudest critics still point to this fork as evidence that too much control lies in the hands of just a few of Ethereum’s leaders, particularly its enigmatic young creator, Vitalik Buterin.
It’s ... complicated. With well-funded competitors like EOS emerging, Ethereum’s leaders have been forced to come up with more efficient decision-making processes, particularly for highly technical decisions, without sacrificing decentralization. In practice, though, the notions of decentralization and centralization aren’t so black and white. A truly decentralized network has no single point of failure, but the phenomenon is tough to quantify, and the term tends to mean different things to different people depending on the context.
Ultimately, Ethereum’s goal is to build a censorship-proof version of the web that billions of people will adopt. Technical decisions are bound to get complicated as the system gets more complex, and the risk of unintended consequences will only be heightened. To pull it off, Ethereum may need to become more like a traditional organization. Perhaps a bit of centralization is unavoidable. (See “Ethereum thinks it can change the world. It’s running out of time to prove it.”)
As for Constantinople, it’s on hold indefinitely for now, but we are likely to learn more about the next steps after the core developers meet again on January 18.