The Ethereum Core Developers and The Ethereum Security Committee have taken the step of stalling their rollout of the anticipated Constantinople upgrade due to the discovery of a security risk.
The security risk was found by ChainSecurity (an organisation dedicated to providing security assessments for blockchain projects). If not properly addressed, it could make the reentrancy attack, which saw The DAO lose somewhere in the region of $150m, a real possibility once more.
Re-enter Reentrancy
The reason simply increasing the gas cost of SSTORE operations was enough to solve the issue was that transfer and send calls were limited to 2300 gas, while storage operations required 5000 gas. This meant that performing an SSTORE in code reached through a transfer or send call was simply impossible.
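The gas arithmetic above can be checked with a small model, added here as an illustration and not code from the original article or from the Ethereum developers: a call frame with a gas budget, a journal of storage writes, and rollback on out-of-gas. The 2300 and 5000 figures are the article's; the cheaper write cost, the Frame class and the function names are assumptions made for the example.

```python
STIPEND = 2300       # gas forwarded by transfer/send (figure from the article)
SSTORE_COST = 5000   # gas for a storage write (figure from the article)
HYPOTHETICAL_CHEAP_SSTORE = 1000  # constructed value, not a figure from the article

_MISSING = object()  # marks a slot that did not exist before the write


class OutOfGas(Exception):
    pass


class Frame:
    """One call frame: a gas budget plus a journal of storage writes."""

    def __init__(self, gas, storage):
        self.gas = gas
        self.storage = storage
        self.journal = []  # (key, previous value), used to undo writes

    def sstore(self, key, value, cost):
        if cost > self.gas:
            raise OutOfGas(f"need {cost}, have {self.gas}")
        self.gas -= cost
        self.journal.append((key, self.storage.get(key, _MISSING)))
        self.storage[key] = value

    def rollback(self):
        # A frame that runs out of gas keeps none of its state changes.
        for key, old in reversed(self.journal):
            if old is _MISSING:
                del self.storage[key]
            else:
                self.storage[key] = old


def run_callee(storage, gas, sstore_cost, writes):
    """Run a callee that attempts `writes`; return True if they are committed."""
    frame = Frame(gas, storage)
    try:
        for key, value in writes:
            frame.sstore(key, value, sstore_cost)
    except OutOfGas:
        frame.rollback()
        return False
    return True


def stipend_blocks_writes(sstore_cost, stipend=STIPEND):
    """Invariant the article relies on: no storage write fits in the stipend."""
    return not run_callee({}, stipend, sstore_cost, [("slot", 1)])
```

The invariant holds only while a single write costs more than the stipend, so any change to storage pricing is worth re-running through `stipend_blocks_writes` before relying on transfer or send as a reentrancy guard.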
So, What’s Changed?
What Should You Do?