The long-awaited upgrade for Ethereum, “The Merge’’, is fast approaching.
The upgrade will be a two-step process, happening on September 6 and through September 10–20, according to the Ethereum Foundation’s August 24, 2022 blog post.
There is only one significant change to Ethereum — an upgrade to Proof-of-Stake (PoS).
Because Ethereum is one of the world’s most significant and pioneering Proof-of-Work (PoW) blockchains, The Merge is undoubtedly an essential event in cryptocurrency.
Ethereum enthusiasts are excited because The Merge is expected to improve scalability and other functions. However, there is some speculation about the upcoming upgrade’s technical and fundamental implications.
To keep your digital assets safe during the conversion fromPoW to PoS and avoid scams, in this article, XREX’s security team categorized changes brought about by The Merge.
Scams have always been a part of our lives, especially during periods of change — this is when scammers run rampant. To avoid being defrauded, remember to remain calm and be familiar with technical operations.
What is The Merge?
The Ethereum foundation has been working hard to improve its PoS during the past seven years. Compared to previous network upgrades, The Merge is different in two ways:
- First, node operators should update their consensus layer (CL) and execution layer (EL, clients’ layer) simultaneously rather than just one at a time. Therefore, each trading platform will suspend Ethereum chain services until the network has stabilized after The Merge.
– Eg. XREX announced its plans earlier on with regards to the temporary suspension of ETH services after The Merge.
- Secondly, the upgrade activates Ethereum in two phases:
– The first, called Bellatrix, will happen on the Beacon Chain to update the CL on September 6.
– Next, Paris, the EL will increase the Total Terminal Difficulty (TTD) to or above 58750000000000000000000 from September 10–20, 2022. As soon as Ethereum gets the TTD, it will switch from PoW to PoS.
– Upgrade Information
There are still four stages after The Merge, including The Surge, The Verge, The Purge, and The Splurge.
When the Ethereum system completes the above upgrade, scalability will be increased with a maximum of transactions from 15 to 100,000 per second. As a result, transaction fees (gas fees) will also decrease. Miners’ ecology will also change.
What will happen after The Merge?
- Old and new proof mechanisms coexist.
After Ethermine (World’s Largest Ethereum Mining Pool) announced that it would keep the Ethereum Classic (ETC) and other pools after The Merge, the market confirmed that two mechanisms will coexist on crypto.
However, it won’t happen on the official Ethereum network because the PoW will no longer be valid under the ETH consensus rules. (Resource: How The Merge impacts ETH supply)
- Digital assets will automatically split
On the Ethereum network, digital assets will automatically be converted for PoS. That’s to say, it’s not necessary to swap your ETH for The Merge, your ETH value will remain the same after The Merge.
- Block-publish speed will be a little faster
Compared to PoW, the block-publishing time will be decreased from 13.3 seconds to 12 seconds on PoS. Due to this change, project sites may have to adjust the smart contract settings, but users won’t notice it.
Scams or attacks that may happen during The Merge
- Token scam
Although the Ethereum foundation reminds its users, “you do not need to do anything with your funds or wallet before The Merge,” (resource: The Merge) there are still scams happening:
Scammers confuse users to redeem their ETH for fake tokens, by posing as “support,” telling you that if you deposit your ETH, you will receive the new ETH (such as ‘Eth2’, ‘ETH-PoW’, or ‘ETH-PoS’) in return.
However, according to the official announcement, no new token is officially supported for The Merge. As a result, don’t share your wallet seed phrase with anyone.
- Replay Attack
Since the old and new proof mechanisms will coexist after The Merge, the risk of replay attacks is possible in the merged ETH POS/POW chain split scenario.
What is a replay attack?
“Replay attack” is also called “Man-in-the-middle Attack.” By connecting, intercepting, or even adjusting data through the network, hackers delay, duplicate, or initiate transactions, harming the interests of the initiators.
In the crypto community, replay attacks most often occur during blockchain splits or hard forks.
How does a replay attack work?
If a fork occurs, attackers can use the “Signed Transaction” to replay the same transaction on the PoW or PoS chains.
Every transaction on the blockchain is like a bank check with details such as the payee, date, amount, and account. These checks are worthless unless they are signed.
As a result, an attacker will leverage a “Signed Transaction” to execute a fake transaction on another blockchain and obtain the actual amount.
For example, User A sends 100 ETH on the PoW chain. Upon intercepting the “signed transaction,” the receiver can re-execute the same transaction request in the name of User A on the PoS chain.
Ultimately, the receiver will get 100 ETH on the PoW and PoS chains, respectively. User A, on the other hand, would have sent a total of 200 ETH, losing 100 ETH.
How to avoid replay attacks after The Merge
- Use the latest version of the contract (including but not limited to EIP-155 and EIP-1344). Since 2016, Ethereum has successively launched Ethereum Improvement Proposals (EIPs) to prevent replay attacks through ChainID, which are:
– EIP-155 — Prevent on-chain transaction attacks:
An invalid transaction on one party’s chain can be prevented by locking a specific Chain ID.
– EIP-1344 — Prevent off-chain transaction attacks：
To avoid confusing transactions between the old and new chains, the ChainID opcode was added in 2018 to allow the contract to determine which chain is executing the transaction, and to verify the Chain ID during the meta-transaction.
- Create a new PoS wallet, and transfer assets to the new one.
Please note that the methods provided above are only for known assets in your wallet and do not involve equity pools, loans, and cross-chain bridge scenarios.
What else should you know?
The above attack and scam methods are not new. It happened when Ethereum (ETH) and Ethereum Classic (ETC) forked in 2016. That is why Ethereum officials have prepared for replay attacks. You are encouraged to:
- Re-examine the used platform or wallet contract to confirm that it contains EIP-155 and EIP-1344;
- After The Merge, separate your digital assets by the chain and transfer them.
- Keep your eyes on your favorite platforms. They may temporarily stop transactions at any time on the Ethereum chain due to the official update process.
In short, being on standby is your best strategy before The Merge happens.
Stay tuned to the official announcement for the exact timing of The Merge; the XREX team will keep a close eye on it with you.