Parity at centre of yet another fiasco
The Etheruem client Parity finds itself in the spotlight again today following its admission that a vulnerability concerning its multi-signature contracts has been found.
The vulnerability has essentially rendered wallets utilising its multi-sig contracts (an added form of protection that requires the authorisation of multiple users to access the wallet) dead, removing the ability to move the funds contained within.
In somewhat farcical fashion, the vulnerability came to light through an issue that was raised on Parity's github, in which Github user and self professed 'ETH newbie' devops199 posted a frank message.
Without going into too much detail, devops199 essentially acquired ownership of the smart contract and then promptly killed the contract. This destroyed the 'WalletLibrary', which the multi-sig wallet relied on for all of its functionality bar the act of depositing. This therefore renders all funds in the multi-sig wallet trapped.
PolkaDot, a recently concluded ICO which raised $145m, has posted on Twitter that they are one of those affected:
Parity's ongoing woes is a further reminder that secure and easy to use wallets remain one of the most important hurdles to mainstream adoption. Despite the progress made by the likes of MyEtherWallet and Ledger Wallet, basic programming errors like those committed by Parity are inexcusable with the sums of money at risk.