Parity: ETH hard fork inevitable to unlock frozen funds

Parity Wallet made an announcement proposing Ethereum Hard Fork in response to $160 funds frozen in the beginning of November
11 December 2017   315

On November 6, users' funds on Parity wallets with multi-signature were reported to be blocked as a result of activation of a critical vulnerability in a smart contract. According to Parity statement, the amount of funds blocked on wallets was estimated at $164M.

On December 11, Parity published a blog post describing a solution for reactivating all the frozen funds. The ethereum software company confirmed that ETH hard fork is inevitable for this purpose.

No one should be under any illusion that unlocking these stuck funds would be anything other than a rescue operation - and would only be possible with a hard fork. 
 

Parity Technologies Team

Proposed solutions:

  • to allow private key holders affected by certain issues to withdraw their Ether
  • an “address specific” Ether and Tokens recovery, which would not change the semantic behaviour of the EVM but could still solve all of the cases previously raised
  • a change to the Protocol which would allow the revival of suicided contracts and fine-grained deployment of contracts for all users going forward 

Most recently, the incident with the Parity multi-signature wallet, where the contract which held the code governing the behaviour of the wallets, was deleted. This left anyone with Ether or tokens in Parity multi-sig wallets unable to withdraw them. All of these funds are provably non-recoverable without a change in the blockchain’s state, opcode upgrades or consensus rules modification.
 

Parity Technologies Team

Previously, we reported that Service Localethereum conducted a Twitter-survey about the advisability of hardfork to rescue frozen in multi-signature wallets and it turned out that 59% of respondents were against such an outcome.

At the moment of press, these are main market parameters of Ethereum:

  • Average price: $470.60
  • Marketcap: $45 305 020 721
  • 24h volume: $1 398 230 000

Parity replied to Cisco's vulnerability report

According to the representatives of Parity, vulnerabilities are fixed
12 January 2018   124

Parity Technologies said that the vulnerabilities found by the Cisco Systems Inc. have been fixed in new versions of the Ethereum client software.

As stated in the developers' statement, the JSON-RPC interface, which supports the function of cross-domain requests, could really provide attackers with public information about an account to create an application for "undesirable transactions" and provide these transactions for signature to the user.

However, the company emphasizes, a potential leak of information could not contain confidential information, including private keys. All problems associated with the JSON-RPC interface have been fixed in the latest Parity software updates.

In addition, developers have changed the basic settings of the function of cross-domain requests in order to avoid information leakage. Now users must manually add secure domains to the whitelist in order to allow Parity software to interact with them.

Parity wallet is well known in cryptocurrency world. In July, hackers stole millions of dollars thru the vulnerability, which was fixed in few lines or code. In November, 513774.16 ETH got "froze".