Parity Wallet Security Alert — Vulnerability in the Parity Wallet library contract

In another sad twist of fate again the Parity Multi-sig wallets came under another critical bug or shall I say defect/hack where a user exploited an issue and thus removed the library code. This froze funds in all Parity multi-sig wallets deployed after 20 July. For now the funds are frozen & can’t be moved anywhere. Some speculate that this may impact 150+ Million USD worth of ETH. The exploit seems to be significant as a lot of customer funds are frozen who either pool funds or ICOs that use the Parity’s multi-sig capability to store funds.

The Updates

This was the first update from Parity was below

Which was followed by he below official security alert detailing the nature of the exploit

And statement of the issue was as mentioned below:

Following the fix for the original multi-sig issue that had been exploited on 19th of July (function visibility), a new version of the Parity Wallet library contract was deployed on 20th of July. However that code still contained another issue — it was possible to turn the Parity Wallet library contract into a regular multi-sig wallet and become an owner of it by calling the initWallet function. It would seem that issue was triggered accidentally 6th Nov 2017 02:33:47 PM +UTC and subsequently a user suicided the library-turned-into-wallet, wiping out the library code which in turn rendered all multi-sig contracts unusable since their logic (any state-modifying function) was inside the library.

Who Did it

From the below issue raised in Parity github issue log the issue was done by a user who goes by github handle devops199.

From the his github repo though not much public commits can be confirmed, but based on what he has achieved, by that some call him a hacker.

From the issue log one can see that the suicide code was called onto a live contract which seems to be a library which was called from other Parity multi-sig wallets.

And the developer devops199 was able to make himself as the owner of the library contract because the contract was uninitialized and he chose to call the suicide wallet.

He seemed to act like a hacker trying to exploit July 19 bug and found the below multi_sig wallets deployed using Parity were using the library located at “0x863df6bfa4469f3ead0be8f9f2aae51c91a907b4” address.

So he killed the contract and then when he queried the dependent contracts “isowner(<any_addr>)” they all return TRUE because the delegate call made to a died contract to allegedly test the exploit.

This is the transaction that tracks the suicide call.

The most funny part was that he did not understand the gravity of the issue and felt by deleting the contract he has stopped an exploit from re-occurring while he himself already triggered the exploit and that to on a production live contract, at least that was what his statement seemed to mean. It seems the developer was unaware of the consequences.

I believe some one might exploit.

Impact

No funds can be moved out of the multi-sig wallets for all dependent multi-sig wallets that were deployed after 20th July. Below is full list of affected wallets (151 addresses) and their balances (513,743 eth or $152 million total) collected by crypto eli5. Hence this is approximate amount in quantifiable sense that has been affected.

But the most immediate affected ICO seems to be Polkadot ICO.

Polkadot ICO had recently raised around 130 Million worth funds which may be directly affected because of this issue.

Though they have clarified that affected multi-sig wallet that had their funds does not contain all of the Web3 Foundation’s funds; so their ability to build Polkadot as planned based on the original timetable has not been affected.

From the social media

Seems some parody accounts now have cropped up who now post as devops199, with whom I have been chatting in public room. He has clarified that this below handle is not him.

Funny Tweets capturing some of the conversation by the alleged developer who found the exploit

From the above conversation it seems the developer was doing some research on the July 19 multi-sig hack on the Production Ethereum Blockchain which can easily reflects the developer’s noob-ness.

But one has to understand that despite the exploit that the devops199 has found or created,he is been cooperative and can’t be fully blamed for what happened. Though sites like coindesk and techcrunch are headlining with stuff like Ethereum Hacked or parity wallet hacked (20% of the nodes hacked). And that has already impacted market sentiment.

What went Wrong

It seems to be the crux of the parity multi-sig issue is that the share library contract was destroyed because it allowed initWallet( ) to be called on itself, directly. Making it a functioning wallet instead of just a library that other wallets can use. At the moment, though the funds seems frozen in the multi-sig wallets, multi-sig wallets are still the owners of the ether. They just currently lack a withdraw( ) function to transfer them elsewhere. Because the code they need to use to withdraw their funds has been ‘deleted’. The fact that 0x863 also had contract Wallet { } is where the trouble started.

Call for Hard-fork

While some are of the view one could “repair” the existing ones by pointing them at a newly deployed library they still have funds, and update the wallets to use the new one. But you just can’t update those deployed wallets without a fork.With almost 150 million USD worth of ETH stuck “frozen” in these multi-sig wallets many of the investors are now calling for a Hard-fork to bailout the frozen funds.

Technically the multisig wallets called a different contract (stored in _walletLibrary, hence the use of the name library). It’s been deleted.Depending on what one means by ‘update’ a future hard fork adding recovery features might be able to help with this. They can deploy a new one, but it won’t have the same address. The fork would be to update the wallets to point to the new one.But it’s looking like they are stuck forever if that doesn’t happen.

For now only a hard fork which puts back the “library contract” in an initialized state would resolve this. Either way, this isn’t looking too good for Ethereum. Some feel, it can be quite a bit nastier to recover the funds. The fork would have to reinstate the whole “not-library” at the exact same address, and with its prior stored values. It could still be done, but it’s not as simple as updating the wallets to a new library.

Legal Angle

Some are already calling devops199 as a hacker who wanted to steal funds and others were looking at the legal ramifications of the current exploit and how it has played. Though there is a larger consensus that devops199 may not be persecuted but only time will tell.

From this updated assessment from a chat room its possible devops199 may be in lot of trouble as he was recreating the july Hack on real wallets like a Black hat hacker :

looking closer, on polkadot alone, with their $90m USD balance, he called kill( ) first, then changeOwner( ) to himself 3 times, and then tried to do the delegate call to send himself 100 ETH (repeating the july hack) twice.

Finally

Despite the raging controversy, it’s not a problem with Ethereum, but it is a problem with the image of Ethereum, as most people may not see the difference. While some say the biggest loser out of this currently is an Ethereum co-founder, that its pretty guaranteed. Parity & Polkadot are the biggest losses for ETH. If there is one thing this event has brought, it is spicy memes. Just minutes after the library was wiped out, devops199 raised an issue at parity’s github titled “anyone can kill your contract.” “I accidentally killed it,”

There are also fears of legal trouble for devops199 but at the end it is one of the unfortunates issues of open source Parity wallet whose multi-sig capability seems to be cursed where the lightning of exploits has struck twice and there may be more.

As someone in a chat room said:

Hundreds of millions of $ Wiped out by $0.27