On Monday, November 6, a new critical vulnerability was discovered in the Parity Ethereum wallet, as a result of which users' funds in multi-signature wallets were frozen. A new Ethereum hard fork may be needed to solve the problem, CoinDesk reports.
Scope of the problem
As it became known, a critical vulnerability was discovered in the version of the smart contract responsible for multi-signature user wallets created after July 20. It is assumed that one of the developers "accidentally" caused the smart contract to self-destruct, thereby freezing $154 million in ETH equivalent.
The researchers obtained exact figures by analyzing the affected smart contracts. At the moment, the frozen funds are three times higher than the amount stolen in The DAO hack.
Nevertheless, Ethereum developers hastened to state that the problem is not directly related to the network itself, only to the code of smart contracts written on top of the blockchain.
Ethereum smart contracts cannot be changed after they are deployed; the same is true of the bugs contained in these contracts.
Although some industry representatives said that the practice of writing correct smart contracts is still being worked out, other members of the cryptocurrency community attacked Parity Technologies with accusations and funny pictures.
— HT2017 (@cryptojonny) November 7, 2017
Vulcanize developer Rick Dudley is sure that the developers responsible for security should be punished.
Quite magnanimous toward the people who wrote buggy code and failed to test against the attack they were supposed to be preventing. We should give a similar consideration to those whose assets are actually locked and work toward getting EIP156 applied sooner rather than later. https://t.co/sIsUVJwDKU
— Rick Dudley (@AFDudley0) November 8, 2017
Hope Liu, CEO of Eximchain, has already questioned future updates from Parity Technologies, as the new vulnerability arose only a few months after the previous one. Parity Technologies itself claims that the smart contracts were audited before the official release, and accuses social media of speculation.
Update: To the best of our knowledge the funds are frozen & can't be moved anywhere. The total ETH circulating social media is speculative.
— Parity Technologies (@ParityTech) November 7, 2017
Ciaran Murray also believes that users could sue smart contract developers over the loss of funds, thereby creating a legal precedent.
Coding open source financial apps is not like coding other OSS. Some day someone will take you to court. https://t.co/g0dXoG27AJ
— Ciaran Murray (@C1aranMurray) November 7, 2017
Charlie Lee, creator of Litecoin, also weighed in.
I was adamantly against the DAO hardfork for this moral hazard reason. Ethereum is no longer unstoppable code as advertised on their website. How much in $/% is enough to do a HF? And who gets to decide? No longer uncensorable payments. https://t.co/i3RyIPqo32
— Charlie Lee [NO2X] (@SatoshiLite) November 8, 2017
Ethereum founder Vitalik Buterin said that he is "deliberately" refraining from any comment, but expressed support for all developers of wallet contracts and their auditors.
I am deliberately refraining from comment on wallet issues, except to express strong support for those working hard on writing simpler, safer wallet contracts or auditing and formally verifying security of existing ones.
— Vitalik Buterin (@VitalikButerin) November 8, 2017
How to solve this "issue"?
However, Martin Holst Swende, a representative of the Ethereum Foundation's security department, stated that it is impossible to recreate the code of the destroyed smart contract without a hard fork of the network. In his opinion, any solution that unfreezes all users' funds without exception requires a hard fork.
The service Localethereum conducted a Twitter poll on the advisability of a hard fork to rescue the funds frozen in multi-signature wallets. 59% of respondents were against such an outcome.
Critical bug found in @ParityTech multi-sig wallets. ~500K ETH lost forever.
Should Ethereum fork again? #ethereum
— localethereum.com (@localethereum) November 7, 2017
Despite the generally pessimistic mood, some developers hope that "white hat hackers" will find a way to unlock the funds without a hard fork.
It is also worth noting that this is not the first "issue" with the Parity wallet. In July, hackers were able to steal $30M from Parity.