A critical vulnerability disclosed to the Ethereum Foundation by iosiro_security could have allowed attackers to remotely crash Ethereum mainnet geth clients through eth_call over RPC. The issue, which affected all major RPC providers including Infura, AlchemyPlatform, Ankr, and QuickNode, was identified prior to the Dencun upgrade. The flaw, humorously dubbed the 'Ping of Geth,' could have disrupted all public RPCs across Ethereum. A bounty reward of $1k was offered for finding this vulnerability, highlighting its significance.
Find a vulnerability causing geth nodes with exposed RPC interface to crash (including half of node as a service offering), get $1k bounty reward 🤡 https://t.co/Z9CHVIPy7n
Mad props to these guys for finding the "Ping of Geth" - a major bug in Geth that would have let an attacker easily knock all public RPCs offline across Ethereum. https://t.co/uN2o0uj80S
The amazing team of @iosiro_security whitehatted a bug that could have crashed all #Ethereum JSON-RPC nodes post-Dencun upgrade https://t.co/urcydcMXpt https://t.co/EioiXZMwP0
The amazon whitehatted a bug that could have crashed all #Ethereum JSON-RPC nodes post-Dencun upgrade https://t.co/urcydcMXpt https://t.co/jd2T39okMG
Prior to the Dencun upgrade, we disclosed a bug to the @ethereum Foundation that could remotely crash Ethereum mainnet geth clients over RPC through eth_call. All major RPC providers were affected, incl. @infura_io, @AlchemyPlatform, @ankr, @QuickNode, and others👇