Ethereum Software Parity to Update After Critical Bug Detected

A critical bug was found in Parity's software within a testing environment and users are hurrying to update so it doesn't affect the mainnet.

Updated Sep 13, 2021, 8:01 a.m. Published Jun 6, 2018, 2:03 p.m.

A critical consensus bug has been uncovered in a testing environment used by one of the two principal pieces of software crucial to the operation of the world's second-largest blockchain.

Revealed last night by UK-based Parity Technologies in a blog post, the issue was found to cause those running the software to fall out of sync, meaning others using different software would not recognize their transactions. While the vulnerability was found on a testnet, the worry is that it could be exploited on the mainnet as well.

As such, Parity is now urging all users to update their software to a newly patched version.

Publicly available data suggests the bug could have impacted roughly 30 percent of the ethereum network – those that use software issued by Parity to stay in sync with the wider network. But according to representatives of Parity, the issue was patched before it reached nodes operating the live ethereum blockchain.

Still, companies must update to the new software to remain safe from the vulnerability on the mainnet.

Speaking on Twitter, several companies, including mining pool Bitfly, have come forward to state they've updated their software to the newly secured iteration (1.10.6-stable or 1.11.3-beta).

As companies that operate on ethereum begin updating their software to avoid the issue, it has been theorized that it could still impact any blockchains that run Parity software, including users of .

The news of the vulnerability comes at a time when Parity has been under increased scrutiny for several similar security issues. Most notably, last November, a bug in one of the company's wallet offerings led to 513,774.16 ETH, or $311 million according to current metrics, being frozen and, in turn, inaccessible to its owners.

Discussion as to whether the frozen funds should be returned is ongoing, but in the interim, Parity has stated its commitment to a refined security process, writing:

"We would like for our bugs to be a catalyst for more secure ethereum development."

Three lines of code

Speaking to CoinDesk, Wei Tang, a Parity developer who assisted with yesterday's code patch, said that the bug is linked to a piece of code from ethereum improvement proposal (EIP) 86.

Formerly planned for ethereum's upgrade last year, EIP 86 aimed to introduce what is called "account abstraction," allowing for transactions to be sent without a signature from the sender. The full ethereum upgrade to EIP 86 was postponed due to its complexity; however, Wei explained that Parity nevertheless implemented the code, possibly due to its role in ethereum's upcoming consensus switch.

According to Wei, the team in charge of implementing it within Parity's software had overlooked three lines of code that led to yesterday's consensus issue.

"We missed a conditional check in our code that caused full node Parity to accept a block containing invalid transactions," Wei told CoinDesk.

Several such transactions were discovered on the Ropsten test network yesterday, and due to the transactions' incompatibility with the wider ethereum blockchain, they led to a fork between the Parity and Geth clients (Geth being the largest provider of ethereum software, accounting for 60 percent of users).

Speaking in a press release, Kirill Pimenov, head of security at Parity, said that in the "worst case" such transactions would have resulted in corrupted blocks on the ethereum mainnet that "would still be treated as valid by other affected Parity ethereum nodes."

Given sufficient hashpower, such an exploit would result in a blockchain split, Pimenov continued.

"The response to this situation was proactive, meaning we were able to prepare a fix before anyone was actually able to exploit the bug. As a result, we have managed to avert a mainnet split," Pimenov stated in the press release.

Wei echoed this, saying the fix, which was released mere hours ago, was simple.

"We add those three lines of the missing conditional check in our code," Wei told CoinDesk, adding:

"But yeah this three lines have severe effect. We've also got many eyes to review the code during the process."
