The wallet contract was deployed 109 days ago yet initWallet was only called 22 hours ago, triggering the bug. https://etherscan.io/address/0x863df6bfa4469f3ead0be8f9f2aae51c91a907b4 …
Reports are pouring in and the total USD dollar amount may be among the largest ever, now at $278mil USD (1mil ETH). https://twitter.com/paddyucl/status/927885515407454209 …
The bug looks like a mistake, not an attack, due to forgetting to initialize the wallet when it was deployed.
We recently completed an audit that had precisely this bug. To all smart contract developers: consider initialization very carefully!
Further, mark initialization methods as onlyOwner. We expect to see attacks that exploit race conditions against these methods in the future
Parity likely did not think of their wallet as a classic contract. Their code is in a library, and they delegatecall to execute it directly.
Ironic, yet totally expected: Gavin Wood, author of the insecure Parity Wallet, personally lost $90mil in ETH. https://twitter.com/tuurdemeester/status/927906221692157953 …
Contact me if you’re interested in funding development of a secure wallet library built on formal methods by @trailofbits (also, audits!)
The culprit for this latest Parity Wallet issue may have been identified. https://twitter.com/myetherwallet/status/927900639832748032 …
As @maurelian_ suggests, the Simple Multisig wallet is probably the best starting point for formal verification https://twitter.com/maurelian_/status/927934498716524545 …
Here's the postmortem on the Parity wallet self-destruct by the authors of it: https://blog.ethcore.io/security-is-a-process-a-postmortem-on-the-parity-multi-sig-library-self-destruct/ …
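The initialization points made in the thread above (initialize at deployment, guard the init method, remember that library code executes via delegatecall), shown as an added Solidity example that is not part of the original thread and is not Parity's code. The contract names `WalletLogic` and `WalletProxy` and the one-shot `onlyUninitialized` guard are assumptions chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical contracts for illustration; not Parity's wallet code.
contract WalletLogic {
    address public owner;      // slot 0; layout must match WalletProxy
    bool private initialized;  // packed into slot 0 after owner

    // Runs against the logic contract's own storage at deployment, so the
    // shared code can never be initialized (and owned) by a later caller.
    constructor() { initialized = true; }

    modifier onlyUninitialized() { require(!initialized, "already initialized"); _; }
    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    // Reached via delegatecall from a proxy, so it writes the proxy's storage.
    function initWallet(address _owner) external onlyUninitialized {
        require(_owner != address(0), "zero owner");
        initialized = true;
        owner = _owner;
    }

    function execute(address payable to, uint256 value) external onlyOwner {
        (bool ok, ) = to.call{value: value}("");
        require(ok, "transfer failed");
    }
}

contract WalletProxy {
    address public owner;      // same storage layout as WalletLogic
    bool private initialized;
    address private immutable logic; // immutables occupy no storage slot

    // Initialization happens in the deployment transaction itself, leaving
    // no window in which someone else can call initWallet first.
    constructor(address _logic, address _owner) {
        logic = _logic;
        (bool ok, ) = _logic.delegatecall(
            abi.encodeWithSignature("initWallet(address)", _owner));
        require(ok, "init failed");
    }

    receive() external payable {}

    fallback() external payable {
        (bool ok, bytes memory ret) = logic.delegatecall(msg.data);
        require(ok, "call failed");
        assembly { return(add(ret, 32), mload(ret)) }
    }
}
```

A deployment review can check both halves: the logic contract's own storage reports it as initialized, and every proxy has an owner set in the same transaction that created it.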
Is there a list of ICOs, coins, wallets impacted? Not clear
Would implementing EIP 156 in the Constantinople fork not retroactively un-freeze these wallets?
What the heck @TuurDemeester

