In recent weeks, we’ve seen a noticeable degradation in network performance due to spam attacks, mass account creation, CPU/memory/disk abuse and various other tricks used by attackers in a concerted attempt to manipulate and control the network. Up until now, attempts to resolve the attacks have been short-notice, hot-fix releases. The Ethereum Foundation released an announcement of an imminent hard fork last Thursday, while geth version 1.4.18 (code name "Note 7") and parity version 1.3.8 were released this past Saturday. A hard fork to fix the protocol should resolve all known issues once and for all. The hard fork does not mean that future attacks won't be possible, but it does ensure that all known vulnerabilities have been removed and the attacker(s) would have to try harder to find low-hanging, profitable exploits. While the old chain will still be subject to DoS attacks, it's unlikely there will be any effort to maintain this chain given that almost all node operators are committed to the official Ethereum release roadmap and the leadership of the Ethereum Foundation.
The real story here is not particularly the hard fork itself, but the anxiety surrounding it, given all that happened during the summer with the DAO and subsequent spawning of the Ethereum Classic chain. You could sense a lot of this "another DAO situation" anxiety on the markets, particularly over the last week, which saw a price drop of about 10%, a good level of price volatility and higher than normal transaction volume. While the hard fork has just been released, market reaction is not quite in proportion to the level of anxiety. Hopefully this is a good sign: a sign that the community has moved on from the hysteria of 2016, which saw commentary on Ethereum dominated by rivalry with the "classic" chain, how "the" DAO "investors" would get their money back and ICO opportunists trying to freeload on the very positive investor sentiment for blockchain and smart contract technology. As we look forward to 2017, the potential for $20 Ethereum and beyond is again on the radar now that things are back on track. In some ways, all these distractions from the core mission of Ethereum are an abuse (at worst) or manipulation (at best) of the decentralized political control, open architecture and general good-naturedness of Ethereum's technical design, people and organisational structure. We have learned a lot so far this year and a re-doubling of effort on security is now a permanent feature of Ethereum as a cryptocurrency as we move forward.
2016 has been an eventful year, but not for the reasons you might expect. There were a number of momentum-sapping forces at play during 2016, most notably: the DAO, the emergence of a rival "classic" chain, crazy ICO sales and recent network attacks.
Everything was ticking on nicely: the network was gaining strength, new nodes were coming online all the time, the number of Solidity projects on GitHub was increasing rapidly, new features were being released, the roadmap for the future was under open discussion, etc. Then the idea of a "distributed autonomous organization" (DAO) was implemented and marketed. It gained a huge amount of attention (and investment) and, at its peak, had a large proportion of ETH tokens tied up inside it. Then in May 2016, it turned out there were a few exploits in the code and not only did the DAO effectively collapse, it almost took Ethereum with it. It was a massive momentum knock and a huge distraction, and there was a lot of work that had to be done to restore Ethereum's reputation in the blockchain space even though it had nothing to do with the code oversights in the frightfully overly ambitious DAO.
The solution to the DAO issue was to hard fork Ethereum at block number 1920000 and provide users with a choice as to whether they'd switch to the new “core” chain (ETH), which nullified the attacker's efforts, or continue on the original chain, which would preserve political non-interference absolutely. There was a huge discussion from Ethereum commentators in the long and drawn-out lead-up to the fork and a breakaway group set up the Ethereum Classic chain (ETC) in July. ETC is still tradeable on many exchanges and boasts a market capitalization of approximately 7% of Ethereum's, at the time of publication. It's unclear if the Ethereum Classic development team intend on hard forking to close off the recent network attack vectors that were identified and removed by Ethereum on Saturday, but time will tell how the ETC community handles that particular debate.
One of the unintended consequences of Ethereum's smart contract platform is the ease with which developers can create tokens out of thin air, market the tokens under a new name and issue them to willing buyers, all facilitated by the Ethereum smart contract network which underlies the operation of many of these questionable ICO token issuances. The debatable problem is that some of these ICO sales are for quite large sums of USD equivalent. When you add them all up, it's a significant proportion of Ethereum's market capitalization. Are ICOs sapping the value of ETH tokens? If the organizations behind these large ICO tokens fail, will ETH token value be brought down too? And what of those organizations that are building real applications and genuinely need to raise money through ICO sales? How do they differentiate themselves from the scam tokens? Importantly, the potential for regulatory scrutiny must also be anticipated, especially as the value of token sales can be quite large now and the interest of regulatory agencies in the blockchain space is increasing. These are all important questions and issues to be ironed out into 2017.
But the most serious challenge to face Ethereum this year was the series of attacks on the network itself. There's a lot of money sloshing around and it's an attacker’s paradise: a place where all contracts can be inspected, where there's no definite legal enforceability or jurisdiction, a high level of anonymity and a number of naive users who are ripe for exploitation. While the network attacks didn't cause a failure of the network, the network did go through some hairy moments where the hash rate dropped right down and a number of key nodes were offline. These known issues have now been fixed with the hard fork, the silver lining being a more positive reputation for the Ethereum dev team regarding their ability to rapidly respond to attacks under huge pressure. It's reassuring for investors to know that this capability is there.
Because of recent attacks on the network, only the larger operators and those more attentive sysadmins managed to keep their nodes in-sync with 100% up-time over recent weeks. Generally, only those running on powerful, multi-core machines with large memory and fast disk access managed to stay in-sync. As an increasing proportion of the network runs on lighter weight VMs (e.g. Microsoft Cloud, Amazon AWS or IBM Cloud), and recently, ARM-based platforms (e.g. Raspberry Pi and IoT), many of these machines were overwhelmed by the attacks and simply unable to keep up. Sysadmins who rely on always being in sync would be well advised to maintain good node diversity and have plenty of computational power. In practice, that means running multiple nodes on as many separate networks and versions as possible.
Some practical tips:
• Have plenty of computational power on your key machines (as many cores, as much memory, the fastest disk, etc. you can afford). Ensure your network pipe is fat enough. Don't estimate requirements based on current resource usage. Capacity is required for the worst-case scenario.
• Keep a node fully up-to-date with the latest stable release schedule
• Keep up-to-date with development releases and how this impacts your production systems
• Maintain a selection of nodes running older versions
• Don't rely on just geth and eth. Many sysadmins are also running ethcore.io's parity and Blockapp's Haskell client for additional diversity. ethcore.io's parity has been a silent hero during the network attacks—there were critical periods where it provided an in-sync node to many who were otherwise completely reliant on geth or eth
• A mix of x86 and ARM may also be useful
• Strive for data centre/cloud provider diversity
It all depends on what you're doing and what the cost of not being able to get in-sync is. The reassuring thing about the Ethereum community is that the tools and systems are there, there's a huge awareness of these requirements and the Ethereum Foundation is highly responsive to any technical challenges that are launched at it. It's worth highlighting that the upgrades (to eth, geth and parity) are a hard fork, so upgrading as soon as possible is heavily recommended. The fork will hit some time on Tuesday, so if you are running older, pre-fork versions, you'll end up mining on the original, broken chain. While it's not absolutely certain, it's apparent that the network will move on Tuesday and the old chain will die immediately.
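As an added example (not part of the original article), the sketch below shows how a sysadmin might check a diverse fleet for the two failure modes described above: nodes that have fallen out of sync and nodes left on the pre-fork chain. It uses the standard JSON-RPC methods `eth_blockNumber` and `eth_getBlockByNumber`; the node names, the lag tolerance, the pre-fork client label and all hashes are constructed for illustration.

```python
import json
from collections import Counter

FORK_BLOCK = 2463000  # fork height given in the article
MAX_LAG = 20          # assumed tolerance in blocks; tune for your setup

def fork_block_request():
    """JSON-RPC body that asks a node for its block at the fork height."""
    return {"jsonrpc": "2.0", "id": 1, "method": "eth_getBlockByNumber",
            "params": [hex(FORK_BLOCK), False]}

# Constructed sample, not real chain data. "head" is each node's eth_blockNumber
# result; "fork_hash" is the "hash" field of the reply to fork_block_request(),
# or null when the node has not reached the fork height yet.
SAMPLE = json.loads("""[
  {"node": "dc1-x86",  "client": "geth 1.4.18",     "head": "0x259590", "fork_hash": "0xf0f0aa"},
  {"node": "dc2-x86",  "client": "parity 1.3.8",    "head": "0x25958e", "fork_hash": "0xf0f0aa"},
  {"node": "cloud-vm", "client": "geth 1.4.18",     "head": "0x25958f", "fork_hash": "0xf0f0aa"},
  {"node": "home-arm", "client": "geth 1.4.18",     "head": "0x2594b4", "fork_hash": null},
  {"node": "legacy",   "client": "geth (pre-fork)", "head": "0x25958f", "fork_hash": "0x0b0bcc"}
]""")

def assess(nodes, expected_fork_hash=None, max_lag=MAX_LAG):
    """Return {node: 'ok' | 'behind' | 'wrong-chain'}."""
    if expected_fork_hash is None:
        # Fall back to the hash most of our own nodes report. This is only as
        # trustworthy as the fleet is diverse (clients, versions, providers).
        seen = Counter(n["fork_hash"] for n in nodes if n["fork_hash"])
        expected_fork_hash = seen.most_common(1)[0][0] if seen else None

    def off_chain(n):
        return bool(n["fork_hash"] and expected_fork_hash
                    and n["fork_hash"] != expected_fork_hash)

    # Measure lag only against nodes that are not known to be on another chain.
    best = max((int(n["head"], 16) for n in nodes if not off_chain(n)), default=0)
    status = {}
    for n in nodes:
        if off_chain(n):
            status[n["node"]] = "wrong-chain"
        elif best - int(n["head"], 16) > max_lag:
            status[n["node"]] = "behind"
        else:
            status[n["node"]] = "ok"
    return status

def usable(nodes, **kw):
    """Names of nodes that are safe to serve traffic from, sorted."""
    return sorted(name for name, s in assess(nodes, **kw).items() if s == "ok")

if __name__ == "__main__":
    for name, s in assess(SAMPLE).items():
        print(f"{name:10} {s}")
```

Passing `expected_fork_hash` from a source you trust is preferable to the majority fallback, which can be misled if most of your own nodes run the same stale version.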
Final thoughts for this week
The hard fork hits at block number 2463000 (approx midday GMT on 2016-10-18). The work is done, the code is deployed and there are a large number of nodes up-to-date already. We'll see how the network behaves out in the wild, but compared to the change made at block number 1920000, this one should hardly be noticed.
Ethereum as a value exchange and smart contract platform is now stronger and more resilient than ever. While other platforms (including private and consortium smart contract platforms) benefit greatly from Ethereum's public contribution, we've yet to see how any of these rumoured secret x-platforms fare in the wild. Right now, Ethereum is the only viable smart contract platform and there doesn't appear to be anyone else in this space capable of matching what has been achieved thus far. Building a robust, scalable, fast and efficient smart contract platform is an incredibly difficult thing to do and the Ethereum development team has proven that it's 100% committed to achieving its goals. Looking in from the outside, it appears that working as a core developer is not just a job - it's a life's mission, a passion. As Nick Johnson, Software Engineer at Ethereum, concisely and humorously commented on the Ethereum reddit page shortly after the hard fork was released: "We sleep in shifts ;)".