The Inquirer
Parity admits it knew about bug that caused frozen Ethereum funds

Firm knew about issue in August but it still hasn't got a fix

  • Tom Allen
  • 20 November 2017

CRYPTOCURRENCY SOFTWARE OUTFIT Parity Technologies has fessed up to knowing about the bug that led to about $280m worth of Ethereum being frozen.

Earlier in November, a user known as devops199 was able to take ownership of a particular piece of code (the ‘library’ smart contract, a shared component amongst all Parity multi-sig wallets) and then destroy it. Whether this was done purposefully or not has not been established.

The effect of that action was to block the contents of 587 wallets holding a total of ETH513,774.16, Parity has said in a post-mortem blog of the incident.

The issue only affected wallets created on or after the 20 July due to the use of new code. This code, written to be as similar as possible to the original 'stub' smart contract deployed with each new wallet, had the same functionality as a regular wallet and contained the self-destruct function.

Parity says that it was warned about the issue (of someone being able to take control of its library contract) in August. The developers acknowledged the bug and flagged it to be fixed "at a future point in time."

"In August, a Github contributor called ‘3esmit’ recommended a code change that initWallet should be called when being deployed which at the time was considered a convenience enhancement," Parity said.

"Thus, we committed this proposed enhancement to the library contract that would automatically initialise it by calling initWallet on construction. Interpreting the recommendation as enhancement, the changed code was to be deployed in a regular update at a future point in time."

The company went on to examine the ways in which the exploit could have been prevented.

"There are essentially two main ways this exploit could have been avoided. If the contract code had not included the functionality to suicide or kill, even if someone had taken ownership, they would not have been able to do anything," it said.

"The kill functionality was a remainder of the original audited contract. The other way would have been for the wallet initialisation to have been done as proposed by 3esmit, either automatically through the code change and re-deployment or manually on the contract deployed in July."

Parity "deeply regrets" the situation and says that it is working to unlock the frozen funds.

However, at this point, it has no fix for the issue. It is considering several Ethereum improvement proposals and has stopped issuing multi-sig wallets; the firm is also carrying out a security audit of its existing sensitive code. µ
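The two ways Parity says the exploit could have been avoided, sketched as an added Solidity example. This is a simplified single-owner model written for this page, not Parity's wallet code: the contract names and the single `owner` field are assumptions, while `initWallet` and `kill` are the names used in the post-mortem.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Simplified illustration only; not Parity's contract.
// "Before": a shared library deployed without ever being initialised.
contract WalletLibraryBefore {
    address public owner; // zero on the deployed library itself

    // Meant to be run once per wallet via delegatecall. Because nobody
    // called it on the library, the library's own owner slot stayed empty
    // and the first caller could claim it.
    function initWallet(address _owner) external {
        require(owner == address(0), "already initialised");
        owner = _owner;
    }

    // Leftover kill function in shared code. If the library is destroyed,
    // every wallet that delegates to it loses its logic and freezes.
    // (selfdestruct is deprecated in current Solidity and its on-chain
    // effect has since been restricted; shown as it behaved in 2017.)
    function kill(address payable to) external {
        require(msg.sender == owner, "not owner");
        selfdestruct(to);
    }
}

// "After": both mitigations applied.
contract WalletLibraryAfter {
    address public owner;

    // Mitigation: initialise on construction, so the deployed library
    // is never left in an unowned state. The value is a constructed
    // placeholder address that no one controls.
    constructor() {
        owner = address(0xdead);
    }

    // Still usable by wallets through delegatecall, where it writes to
    // the wallet's own storage; on the library itself it now reverts.
    function initWallet(address _owner) external {
        require(owner == address(0), "already initialised");
        owner = _owner;
    }

    // Mitigation: no kill/selfdestruct function exists in shared code,
    // so even an unexpected owner cannot remove the library.
}
```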

© Incisive Business Media (IP) Limited, Published by Incisive Business Media Limited, New London House, 172 Drury Lane, London WC2B 5QR, registered in England and Wales with company registration numbers 09177174 & 09178013