No one using this wallet library can withdraw funds, and all their ether is likely lost.https://twitter.com/ParityTech/status/927857866203127808 …
-
-
We recently completed an audit that had precisely this bug. To all smart contract developers: consider initialization very carefully!
Show this thread -
Further, mark initialization methods as onlyOwner. We expect to see attacks that exploit race conditions against these methods in the future
Show this thread -
Parity likely did not think of their wallet as a classic contract. Their code is in a library, and they delegatecall to execute it directly.
Show this thread -
Ironic, yet totally expected: Gavin Wood, author of the insecure Parity Wallet, personally lost $90mil in ETH.https://twitter.com/tuurdemeester/status/927906221692157953 …
Show this thread -
Contact me if you’re interested in funding development of a secure wallet library built on formal methods by
@trailofbits (also, audits!)Show this thread -
The culprit for this latest Parity Wallet issue may have been identified.https://twitter.com/myetherwallet/status/927900639832748032 …
Show this thread -
As
@maurelian_ suggests, the Simple Multisig wallet is probably the best starting point for formal verificationhttps://twitter.com/maurelian_/status/927934498716524545 …Show this thread -
Here's the postmortem on the Parity wallet self-destruct by the authors of it: https://blog.ethcore.io/security-is-a-process-a-postmortem-on-the-parity-multi-sig-library-self-destruct/ …
Show this thread
End of conversation
New conversation -
-
-
the problem with APT is that an hour after having it, you can surveil it and wait for my Mi4, see how it is.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

