Parity Technologies, the group following widely used wallet service Parity, today unveiled an issue that could enable the contents of a container to be wiped.
The issue involves multi-sig wallets a technology that uses the support of multiple parties for additional security on events that were extended after July 20. In other words, ICOs that were held since then may be stricken.
It’s a kicker because it is the next time in just a few points that a major Parity bug has been unearthed with potentially costly consequences for Ethereum, which is the world’s second highest-valued cryptocurrency with a total transaction cap of over $27 billion. Back in July, a vulnerability in Parity led to 150,000 ETH (then worth nearly $30 million) being stolen.
That bug was fixed July 19 hence the importance of the July 20 date but one positive element of that first scare is that many in the Ethereum association, and particularly those who have held ICOs, backed away from the technology in favor of options. Even those who did use Parity may not have opted for the multi-sig wallet.
But still, it is a major protection issue with wider involvements. Parity explained that it found the problem when one user’s wallet was wiped:
Following the fix for the quick multi-sig issue that had been employed on 19th of July, a new version of the Parity Wallet library record was deployed on 20th of July. However that code still included another issue it was possible to turn the Parity Wallet library record into a regular multi-sig wallet and become a master of it by calling the initWallet function. It would appear that issue was triggered unexpectedly 6th Nov 2017 02:33:47 PM +UTC and finally a user suicided the library-turned-into-wallet, wiping out the library code which in turn presented all multi-sig contracts unusable since their logic (any state-modifying function) was inside the Code.
The issue appears to center throughout the fact that the Parity Wallet operates as a smart contract.
Take your time to comment on this article.
