No one using this wallet library can withdraw funds, and all their ether is likely lost.https://twitter.com/ParityTech/status/927857866203127808 …
-
-
Reports are pouring in and the total USD dollar amount may be among the largest ever, now at $278mil USD (1mil ETH).https://twitter.com/paddyucl/status/927885515407454209 …
Show this thread -
The bug looks like a mistake, not an attack, due to forgetting to initialize the wallet when it was deployed.
Show this thread -
We recently completed an audit that had precisely this bug. To all smart contract developers: consider initialization very carefully!
Show this thread -
Further, mark initialization methods as onlyOwner. We expect to see attacks that exploit race conditions against these methods in the future
Show this thread -
Parity likely did not think of their wallet as a classic contract. Their code is in a library, and they delegatecall to execute it directly.
Show this thread -
Ironic, yet totally expected: Gavin Wood, author of the insecure Parity Wallet, personally lost $90mil in ETH.https://twitter.com/tuurdemeester/status/927906221692157953 …
Show this thread -
Contact me if you’re interested in funding development of a secure wallet library built on formal methods by
@trailofbits (also, audits!)Show this thread -
The culprit for this latest Parity Wallet issue may have been identified.https://twitter.com/myetherwallet/status/927900639832748032 …
Show this thread -
As
@maurelian_ suggests, the Simple Multisig wallet is probably the best starting point for formal verificationhttps://twitter.com/maurelian_/status/927934498716524545 …Show this thread -
Here's the postmortem on the Parity wallet self-destruct by the authors of it: https://blog.ethcore.io/security-is-a-process-a-postmortem-on-the-parity-multi-sig-library-self-destruct/ …
Show this thread
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

