Parity to Update After Critical Bug Discovered

The bug could affect about 30% of the participants in the Ethereum network
07 June 2018   1121

In a test environment, which is used by Paity, a critical error was detected and fixed. This is reported by Coindesk.

As noted by representatives of Parity Technologies, when the software was launched, synchronization hasn't started, as a result  other network participants could not recognize their transactions. The vulnerability was found in the testnet, but there was a possibility of its spread to the entire network Ethereum.

Parity urged all users to update the software to a new revised version.

It is assumed that the bug could affect about 30% of the participants of the Ethereum network, which use software from Parity. Representatives of the company claim that it was patched before reaching the node of Ethereum's network. However, network members had to update the software to eliminate the vulnerability.

Several companies, including the Bitfly Mining Pool, have already said they updated their software to a new version (1.10.6-stable or 1.11.3-beta), but the bug can still complicate the work of the blockchain with the Parity software, including for Ethereum Сlassic (ETC ) users.

The bug is related to a part of the code from EIP 86.

We missed a conditional check in our code that caused full node Parity to accept a block containing invalid transactions.
 

Wei Tang
Developer, Parity

EIP 86 was planned to be used to update Ethereum last year, in particular for integration into the "account abstraction" blockchain system, which will allow transactions without the sender's signature. A full update was postponed due to its complexity, but its code was added to the Parity client.

Parity to Fix Serious Vulnerability

An error that could shut down the computers with ETH nodes was reported by the vice president of blockchain development at Amberdata
30 August 2019   427

Parity Technologies released a new version of the client that fixed a bug that could shut down computers running Ethereum nodes.

The first to discover the vulnerability and report it to Parity was Scott Bigelow, vice president of blockchain development at Amberdata analytic startup. According to him, only a small part of Parity's customers are at risk.

There was a vulnerability that [if exploited] would cause an immediate crash of the Parity client for all its services. There is no possibility to steal funds or do other malicious things but you could shut down some portion of ethereum nodes.
 

Scott Bigelow

Vice president of blockchain development,  Amberdata

Parity Technologies encouraged users to upgrade their clients to the latest version as soon as possible, especially those where the publicly available RPC and transaction history tracking module are activated.

Remote Procedure Call (RPC) is a protocol that allows you to request program data on third-party servers. In the blockchain industry, it is used to obtain information on balances at addresses, block numbers, and other information.

To date, the Parity client uses about 21% of nodes in the Ethereum network (3257, according to EtherNodes).