Parity's vulnerability can lead to Ethereum hardfork

Another "issue" of popular Ethereum wallet can lead to unplanned hardfork
08 November 2017   1408

On Monday, November 6, a new critical vulnerability was discovered in the Parity Ethereum wallet, as a result of which users' funds on multi-signature wallet were frozen. To solve the problem, new Ethereum's hardfork can be implemented. This is reported by the CoinDesk.

Scope of the problem

As it became known, a critical vulnerability was discovered in the version of the smart contract that is responsible for the user wallets with the multi-signature created after July 20. It is assumed that one of the developers "accidentally" gave the smart contract to self-destruct, thereby freezing $ 154 million in ETH-equivalent.

The researchers managed to obtain exact figures during the analysis of problematic smart contracts. At the moment, frozen funds are three times higher than the amount stolen as a result of The DAO hack.

Nevertheless, the developers of Ethereum hastened to state that the problem is not directly related to the network, but only codes of smart contracts written on top of the blockchain.

Smart contracts Ethereum can not be changed after they are activated; the same is true for the bugs contained in these contracts.

Although some industry representatives said that the practice of writing the right smart contracts is only being worked out, other members of the cryptocoins community attacked Parity Technologies with accusations and funny pictures.

Reaction

Vulcanize developer Rick Dudley is sure that the developers responsible for the security sphere should be punished.

Hope Liu, CEO Eximchain already questioned the following updates from Parity Technologies, as the new vulnerability arose only a few months after the previous one. In the same company, they claim that smart contracts were audited before the official release, and accuse social media of speculation.

Ciaian Murray also believes that users can sue developers of smart contracts in connection with the loss of funds, thereby creating a legal precedent.

Charlie Lee, creator of Litecoin spoke his word too.

The founder of Ethereum Vitalik Buterin said that he "deliberately" refrains from any comments, but expressed support to all developers of contracts for electronic purses and their auditors.

How to solve this "issue"?

However, the representative of the security department of the Ethereum Foundation, Martin Holst Schwende, stated that it is impossible to recreate the code of the destroyed smart contract without carrying out the network's hardfork. In his opinion, any decision to defuse users' funds without exception requires a hardfork.

Service Localethereum conducted a Twitter-survey about the advisability of hardfork to rescue frozen in multi-signature wallets. 59% of respondents were against such an outcome.

Despite the general pessimistic attitude, some developers hope that the "white hackers" will find a way to unblock funds without activating hardfork.

It also worth noting that it is not the first "issue" of Parity wallet. In July, hackers were able to stole $30M from Parity

Ethereum Scaling Solution Raiden to Launch Last Testnet

As noted by the developers, after implementing the new solution, the Ethereum network will be able to provide more than a million transactions per second
20 July 2018   162

On Thursday, July 19, at the Dappcon developer conference in Berlin, the last test network of Raiden for the Ethereum blockchain was launched, CoinDesk reports.

The release includes a minimal implementation of the scaling solution, which will allow the transfer of Ethereum tokens outside of the main blockchain. This is the last test phase before the introduction of technology into the core network of Ethereum.

It's the first step towards going to the mainnet. We really want people to really test this so we have a user interface, we have an API and we've created an open Github for everything they could find, so if we go hopefully bug-free on the mainnet.
 

Lefteris Karapetsas

Core Developer, Raiden

According to him, the new release represents an early implementation for the core network and contains a new rewritten code of smart contracts and payment channels that can be restored in case of unintended closure.

Also, Karapetsas urged developers to join the test network to help detect possible bugs, adding that a bounty program will be launched to encourage this activity.

The release date for the main network has not yet been assigned, but the developers intend to follow this earlier promise and launch Raiden this summer.

Karapetsas also promised to publish regular updates and code optimizations after the full release, adding that Raiden will complement other Ethereum scaling solutions that are currently being developed.

Raiden is essentially the payment channel network for ethereum, it's supposed to help us scale token transfers. The long term goal would be to have people use Raiden from a mobile device and be able to make off-chain token transfers just from their phone. That would be the long term vision, it would probably work in combination with various scaling solutions, sharding, plasma, a sort of hybrid.
 

Lefteris Karapetsas

Core Developer, Raiden

Raiden is developing from the 2015 and is written mostly on Python. The project is much like the Lightning Network. As noted by the developers, after implementing the new solution, the Ethereum network will be able to provide more than a million transactions per second.