During the last couple of weeks, the Ethereum network has been the target of a sustained attack. The attacker(s) have been very crafty in locating vulnerabilities in the client implementations as well as the protocol specification.

While the recent patches have led to an overall increased resiliency in the client implementations, the attacks have also demonstrated that a lower-level change to the EVM pricing model is needed.

For many users, the most visible consequence is probably that they are having difficulties getting transactions included in blocks, and full nodes are facing memory limitations in managing the bloated state.

This is our strategy to address these issues:

As a temporary measure to minimize the effects of the most recent attack, we recommend all miners to lower the gaslimit to 500K gas.

A hard-fork based on EIP 150 version 1c will be put into effect at block 2457000 [see below]. This will reprice certain operations to correspond better to the underlying computational complexity.

[see below]. This will reprice certain operations to correspond better to the underlying computational complexity. A second hard-fork will follow shortly after, aimed at reverting the current "state-bloat" introduced by the attacks. This second fork will serve to remove accounts which are empty; lacking code, balance, storage and nonce == 0.

We have implemented the changes required in the clients and are currently extending and adding tests in an effort to prevent the introduction of consensus-breaking vulnerabilities.

And as a reminder, the Ethereum Bug Bounty is open and includes the new hardfork-implementations.

EDIT: Fork block has been moved to 2463000 in order to accommodate even more testing.