Ethereum’s Morden testnet ran from July 2015 to November 2016. While anyone using Ethereum can create a testnet, Morden was the first official public testnet. Due to long sync times stemming from a bloated blockchain, and consensus issues between the Geth and Parity clients, the testnet was rebooted and reborn as Ropsten.
Ropsten ran smoothly as the public testnet until the end of February 2017. According to Péter Szilágyi, a core developer for Ethereum, the end of February is when “malicious actors decided to abuse the low PoW and gradually inflate the block gas limits to 9 billion (from the normal 4.7 million), at which point sending in gigantic transactions crippling the entire network. Even before that, attackers attempted multiple extremely long reorgs, causing network splits between different clients, and even different versions.”
These attacks were able to propagate because a network that reaches consensus via a Proof-of-Work algorithm is only as secure as the computing power behind it. It was this low level of difficulty that allowed the attacker to spam the testnet. Since Ropsten was a testnet, its Ether had no financial value, so it’s likely the attacker only sought to disrupt the development of upcoming Ethereum projects.
The Parity team (Ethcore) came up with an emergency solution: the Kovan testnet. Kovan is a stable, public testnet for Ethereum, powered by Parity’s Proof-of-Authority consensus algorithm. Ethcore’s testnet is immune to spam attacks because the Ether supply is controlled by trusted parties. Those trusted parties are companies that are actively developing on Ethereum, listed here. Due to their vested interest in the success of Ethereum, they’ve been made validators. Malicious actors will no longer be able to mine testnet Ether, and with validators controlling the token supply, the spam attacks cannot continue.
While it seems like this should be a solution to Ethereum’s testnet troubles, there appear to be consensus issues within the Ethereum community regarding the Kovan testnet. While Ethcore was quick to roll out a new, spam-proof version of a public testnet, they developed it in secrecy and it’s only accessible via Ethcore’s Parity client. Members of the Ethereum community have spoken out against the perceived actions of Ethcore (who have yet to comment on the controversy).
Now, the Ethereum Foundation is working on a cross-client testnet. The new testnet is called Rinkeby, and it will also use a Proof-of-Authority consensus mechanism, seeing as how PoW cannot work securely in a network with no monetary value. Unlike Kovan, Rinkeby’s PoA implementation will work with different clients, allowing more participants to operate in a spamless testnet. The specifics of the PoA system are on GitHub, for those interested.
The Rinkeby testnet isn’t operational yet, but should be rolled out “in a reasonable amount of time,” according to its GitHub repo. Currently, the Ropsten testnet is still functioning but is also still entirely vulnerable to transaction spam attacks. The Kovan testnet is up and running but you can only access it via the Parity client.