Parity Wallet Freeze Post Mortem

Parity issues a Post Mortem on the Kill that Froze Millions

By Editorial Team

On the 6th of November, the Ethereum community was shaken yet again by the disclosure that the Parity multisig wallet was hacked. A user was able to take control of a number of wallets and, once done, accidentally “killed” the smart contract library.

This resulted in about 513,774 ETH being frozen in the wallets and unable to be moved. It was no doubt an embarrassing development for Parity, as there was a similar multisig wallet hack in July where Parity wallet users lost close to $30m.

Yesterday, the team at Parity gave a detailed analysis of what happened in the incident and how they plan to secure their software going forward.

Early Warning Signs

Parity disclosed that there were already some suggestions to fix the vulnerable code prior to the incident. One user suggested on GitHub that the company could consider some changes in their next update.

The user suggested that the library contract should call the initWallet function in the code. This could have prevented any outside agent from taking over ownership of the contract in question.

This was then incorporated into the constructor function but was not immediately rolled out, because it was viewed more as a “convenience enhancement”. The team at Parity would have rolled it out with one of the regular updates somewhere down the line.

Although Parity claims that the “original foundation” multisig wallet code had no security issues, the library contract, which was built by copying and modifying that code, still had the original self-destruct function. This was coded in order to effectively “retire” the wallet.

This led to the following frank assessment from the Parity team:

If the contract code had not included the functionality to suicide or kill, even if someone had taken ownership, they would not have been able to do anything. The kill functionality was a remainder of the original audited contract.
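
The two points above (initializing the library in its constructor, and leaving out the kill function) can be sketched as follows. This is an added illustration, not Parity's contract and not code from the post mortem; only the name initWallet comes from the article, and the contract name, storage layout and checks are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified illustration written for this article; NOT Parity's contract.
// Only the name initWallet comes from the article; everything else is assumed.
contract WalletLibraryHardened {
    mapping(address => bool) public isOwner;
    uint256 public ownerCount;
    uint256 public required;

    // initWallet may run only while this storage context has no owners yet.
    modifier onlyUninitialized() {
        require(ownerCount == 0, "already initialized");
        _;
    }

    // The change suggested before the incident: initialize the deployed
    // library's own storage at deploy time, so no outside account can later
    // call initWallet on the library itself and become its owner.
    constructor() {
        address[] memory lock = new address[](1);
        lock[0] = address(this); // the library owns itself; no key controls it
        initWallet(lock, 1);
    }

    function initWallet(address[] memory owners, uint256 requiredSigs)
        public
        onlyUninitialized
    {
        require(owners.length > 0, "no owners");
        require(requiredSigs > 0 && requiredSigs <= owners.length, "bad threshold");
        for (uint256 i = 0; i < owners.length; i++) {
            require(owners[i] != address(0) && !isOwner[owners[i]], "bad owner");
            isOwner[owners[i]] = true;
        }
        ownerCount = owners.length;
        required = requiredSigs;
    }

    // Deliberately absent: any kill/selfdestruct function. Per the quoted
    // assessment, without it even a party who gained ownership could not
    // have removed the shared library code.
}
```

Either measure alone breaks the chain of events described here; a deployment checklist would verify both for any contract that other contracts depend on.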

Working Hard for the Future

Although they expressed great regret at failing to implement the fixes, they did note that the code was also created and audited by the Ethereum Foundation dev team. The Parity team is now working hard on a number of Ethereum Improvement Proposals (EIPs).

One of these is the previously proposed EIP156, which could now incorporate a number of changes to stave off future security concerns. Parity says that they will handle a lot of the development around these particular proposals.

Apart from these EIPs, there are a number of other steps that Parity is taking in order to prevent something like this happening again. One of them is to suspend the ability to deploy the multisig wallets until they are fully confident that they are safe.

They also said that they will complete a “full-stack external security audit of all existing sensitive code” as well as make use of a well-thought-out deployment checklist for future smart contracts. They would also like to work on other languages for smart contracts and consider increasing their bug hunting bounty.

It is indeed encouraging to see the effort that has been taken by Parity to comprehensively change procedural protocol to avoid future incidents. However, whether users will once again be comfortable to store large amounts of ETH in their wallets is another question entirely.
