No one using this wallet library can withdraw funds, and all their ether is likely lost.https://twitter.com/ParityTech/status/927857866203127808 …
-
-
Ironic, yet totally expected: Gavin Wood, author of the insecure Parity Wallet, personally lost $90mil in ETH.https://twitter.com/tuurdemeester/status/927906221692157953 …
Show this thread -
Contact me if you’re interested in funding development of a secure wallet library built on formal methods by
@trailofbits (also, audits!)Show this thread -
The culprit for this latest Parity Wallet issue may have been identified.https://twitter.com/myetherwallet/status/927900639832748032 …
Show this thread -
As
@maurelian_ suggests, the Simple Multisig wallet is probably the best starting point for formal verificationhttps://twitter.com/maurelian_/status/927934498716524545 …Show this thread -
Here's the postmortem on the Parity wallet self-destruct by the authors of it: https://blog.ethcore.io/security-is-a-process-a-postmortem-on-the-parity-multi-sig-library-self-destruct/ …
Show this thread
End of conversation
New conversation -
-
-
I don't see anywhere the "library" keyword in that code. WalletLibrary is a contract. Wouldn't using library have prevented this incident?
-
You can’t have variables as a library, which WalletLibrary needs right now. It would be a strange design choice and make it harder to use.
End of conversation
New conversation -
-
-
Best practice: define the owner vars in the wallet contract where they belong and pass the wallet address as param to the lib!
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

