Parity: new vulnerability found

Are Parity users' funds in danger again? Let's try to figure it out
07 November 2017

Users' funds in Parity multi-signature wallets are blocked after a critical vulnerability in a smart contract / library was activated.

As noted in the statement, a new version of the smart contract from Parity was published on July 20, a day after the theft of $30 million through the vulnerability in the wallet.sol contract. However, the new version also turned out to have problems.

This smart contract / library could be turned into a regular multi-signature wallet, and ownership of it taken, by calling the initWallet function.

On Monday, November 6, one of the users, most likely accidentally, activated the vulnerability and the contract was given a command to self-destruct. As a result, many multi-signature wallets created after July 20 lost the ability to display tokens.

Parity Technologies is analyzing the situation and will soon issue a statement and instructions.

Parity replied to Cisco's vulnerability report

According to Parity representatives, the vulnerabilities are fixed
12 January 2018

Parity Technologies said that the vulnerabilities found by Cisco Systems Inc. have been fixed in new versions of the Ethereum client software.

As stated in the developers' statement, the JSON-RPC interface, which supports cross-domain requests, could indeed give attackers public information about an account, which they could use to build an application that creates "undesirable transactions" and presents these transactions to the user for signature.

However, the company emphasizes that any such leak could not have contained confidential information, including private keys. All problems associated with the JSON-RPC interface have been fixed in the latest Parity software updates.

In addition, the developers have changed the default settings for cross-domain requests in order to avoid information leakage. Users must now manually add trusted domains to the whitelist before Parity software will interact with them.
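
A sketch of the whitelist behaviour described above, as an added example that is not Parity's code: a JSON-RPC endpoint that answers cross-origin browser requests only for origins the user has added explicitly, shown beside a permissive policy for contrast. The function names and the sample origins are assumptions made for the illustration.

```javascript
// Added example; all names and sample origins are hypothetical/constructed.

// Normalize an Origin header value to "scheme://host[:port]", or null if unusable.
function normalizeOrigin(value) {
  if (typeof value !== 'string' || value === 'null') return null; // opaque origin
  let url;
  try { url = new URL(value); } catch (_) { return null; }        // "*" lands here
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  // A real Origin value has no path, query, fragment or credentials.
  if (url.pathname !== '/' || url.search || url.hash || url.username || url.password) return null;
  return url.origin; // host lower-cased, default port dropped
}

// The allowlist starts empty; the user adds each trusted origin explicitly.
function makeAllowlist(entries = []) {
  const allowed = new Set();
  for (const entry of entries) {
    const origin = normalizeOrigin(entry);
    if (origin === null) throw new Error(`invalid allowlist entry: ${entry}`);
    allowed.add(origin);
  }
  return allowed;
}

// Permissive policy, for contrast: script on any page may read RPC responses.
function permissivePolicy() {
  return { serve: true, headers: { 'Access-Control-Allow-Origin': '*' } };
}

// Allowlist policy: echo the origin only on an exact match, refuse the rest.
function allowlistPolicy(originHeader, allowed) {
  const headers = { Vary: 'Origin' }; // caches must not reuse a reply across origins
  // Browsers attach Origin to cross-origin requests; without it CORS does not apply.
  if (originHeader === undefined) return { serve: true, headers };
  const origin = normalizeOrigin(originHeader);
  if (origin === null || !allowed.has(origin)) return { serve: false, headers };
  headers['Access-Control-Allow-Origin'] = origin;
  return { serve: true, headers };
}

// Constructed sample requests against a one-entry allowlist.
const sampleAllowed = makeAllowlist(['https://wallet.example']);
for (const o of ['https://wallet.example', 'https://other.example', 'null', undefined]) {
  console.log(String(o), JSON.stringify(allowlistPolicy(o, sampleAllowed)));
}
```

With an empty allowlist every request that carries an Origin header is refused, which is the deny-by-default posture the changed settings aim for.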

The Parity wallet is well known in the cryptocurrency world. In July, hackers stole millions of dollars through a vulnerability, which was fixed in a few lines of code. In November, 513774.16 ETH got "frozen".