The wallet contract was deployed 109 days ago yet initWallet was only called 22 hours ago, triggering the bug. https://etherscan.io/address/0x863df6bfa4469f3ead0be8f9f2aae51c91a907b4 …
Dan Guido Retweeted Patrick McCorry ☘️
Reports are pouring in and the total USD dollar amount may be among the largest ever, now at $278mil USD (1mil ETH). https://twitter.com/paddyucl/status/927885515407454209 …
The bug looks like a mistake, not an attack, due to forgetting to initialize the wallet when it was deployed.
We recently completed an audit that had precisely this bug. To all smart contract developers: consider initialization very carefully!
Further, mark initialization methods as onlyOwner. We expect to see attacks that exploit race conditions against these methods in the future
Parity likely did not think of their wallet as a classic contract. Their code is in a library, and they delegatecall to execute it directly.
Dan Guido Retweeted Tuur Demeester
Ironic, yet totally expected: Gavin Wood, author of the insecure Parity Wallet, personally lost $90mil in ETH. https://twitter.com/tuurdemeester/status/927906221692157953 …
Contact me if you’re interested in funding development of a secure wallet library built on formal methods by @trailofbits (also, audits!)
Dan Guido Retweeted MyEtherWallet.com
The culprit for this latest Parity Wallet issue may have been identified. https://twitter.com/myetherwallet/status/927900639832748032 …
Dan Guido Retweeted more alien
As @maurelian_ suggests, the Simple Multisig wallet is probably the best starting point for formal verification https://twitter.com/maurelian_/status/927934498716524545 …
Here's the postmortem on the Parity wallet self-destruct by the authors of it: https://blog.ethcore.io/security-is-a-process-a-postmortem-on-the-parity-multi-sig-library-self-destruct/ …
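The initialization advice in the thread above, sketched as an added Solidity example (not code from Parity, Trail of Bits or the thread's author): the initializer is owner-only and one-shot, the shared logic contract locks its own storage at deployment, and each wallet is initialized inside its own deployment transaction. The contract names, the storage layout and the `signers`/`required` fields are assumptions; only `initWallet` and `onlyOwner` are names used in the tweets.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration with hypothetical names; not Parity's code.
// Shared layout: delegatecall runs WalletLogic against the proxy's storage.
contract WalletStorage {
    address internal logic;
    address public owner;
    bool public initialized;
    address[] public signers;
    uint256 public required;
}

contract WalletLogic is WalletStorage {
    constructor() {
        // Lock the logic contract's own storage at deployment, so a direct
        // call to initWallet on this address can never succeed for a stranger.
        owner = msg.sender;
        initialized = true;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // Owner-only and one-shot: a second call reverts, whoever sends it.
    function initWallet(address[] memory _signers, uint256 _required) external onlyOwner {
        require(!initialized, "already initialized");
        require(_required > 0 && _required <= _signers.length, "bad threshold");
        initialized = true;
        signers = _signers;
        required = _required;
    }
}

contract WalletProxy is WalletStorage {
    constructor(address _logic, address[] memory _signers, uint256 _required) {
        logic = _logic;
        owner = msg.sender;
        // Initialize inside the deployment transaction: no gap left to race.
        (bool ok, ) = _logic.delegatecall(
            abi.encodeCall(WalletLogic.initWallet, (_signers, _required)));
        require(ok, "init failed");
    }

    fallback() external payable {
        (bool ok, ) = logic.delegatecall(msg.data);
        require(ok, "call failed");
    }
}
```

A later `initWallet` call forwarded through the proxy's fallback reverts on the `initialized` check, and a direct call on the logic contract's address reverts for anyone but its deployer and then on the same check.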