Automatically Detecting the Bug that Froze Parity Wallets

Nov 9, 2017 · 3 min read

On November 6, a bug in the popular Parity Multi-signature Wallet froze over $200M worths of ether. A user “accidentally” wiped out the Parity WalletLibrary, which resulted in freezing all Parity Wallets created after July 20. This bug was already covered in detail by numerous articles (e.g., here). To sum up, the accident occurred in two steps. First, the user took ownership over the Wallet Library. Next, the user suicided the library and thereby removed its code from the blockchain. All Parity Wallets created after July 20 rely on this library to withdraw funds. Consequently, all of their funds got frozen after the library was wiped out.

This accident shows that despite their relatively small size, smart contracts continue to contain subtle bugs that are difficult to uncover manually. Automated security analysis systems can mitigate this issue by pinpointing such critical vulnerabilities. Securify, a fully automated verifier for Ethereum smart contracts from ETH Zurich, successfully discovers both critical bugs that allowed the user to take ownership over the Wallet Library and freeze all Parity Wallets that rely on it. We describe how Securify discovers the two bugs below.

The first bug allowed any user to take ownership over the library. With this transaction, user 0xae7168deb525862f4fee37d987a971b385b96952 invoked the initWallet function and took ownership over Wallet Library. When analyzing the Solidity source code of Wallet Library, Securify reports the following three lines as vulnerable:

Image for post
Image for post
Fig. 1: Unprivileged writes to variables in the initMultiowned function of the Wallet Library

The highlighted lines indicate that any user can modify three critical variables, such as the variable m_owners, provided that the variable m_numOwners has not been initialized.

The second bug is in the source code of the Wallet contract. This contract cannot withdraw funds unless it can invoke the Wallet Library. Securify explicitly checks whether a contract can receive ether without allowing users to withdraw it. It does this using a security pattern called “Locked Money”.

Image for post
Image for post
Fig. 2: The Parity Wallet identified as vulnerable to the “Locked Money”

The “Locked Money” security pattern triggers when analyzing the Parity Wallet contract (see Fig. 2), which indicates that the Wallet contract has this vulnerability. To verify this issue, you can check one of the affected wallets. Go to, select Address, enter the contract address 0x3bfc20f0b9afcace800d73d2191166ff16540258, and click Verify.

Once again, this highlights the importance of security audits of smart contracts and automated systems that discovering such bugs.

Image for post
Image for post

Access to the Beta version of Securify is available at: We plan to release a new version of Securify, which features even more security patterns (such as the unprivileged writes to variables) in the coming months. In the meantime, you can get in touch with the developers of Securify by sending an email to: To learn more about Securify, you can check out our DevCon3 slides, which feature a nice comparison between different security approaches to automated security analysis. A video of our DevCon3 talk will be available soon as well.

Also, check out ChainSecurity, a blockchain security company founded by the creators of Securify.


From the world of secure smart contracts

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch

Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore

Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store