A security vulnerability in Ethereum’s second most popular client, Parity, has been exploited by this address earlier today.
All Parity multi-sig wallets have been frozen. That includes the Polkadot ICO and may include many others totaling around 500,000 eth, worth $150 million, according to some number crunching.
“Following the fix for the original multi-sig issue that had been exploited on 19th of July (function visibility), a new version of the Parity Wallet library contract was deployed on 20th of July,” Parity says before adding:
“However that code still contained another issue – it was possible to turn the Parity Wallet library contract into a regular multi-sig wallet and become an owner of it by calling the initWallet function.
It would seem that issue was triggered accidentally 6th Nov 2017 02:33:47 PM +UTC and subsequently a user suicided the library-turned-into-wallet, wiping out the library code which in turn rendered all multi-sig contracts unusable since their logic (any state-modifying function) was inside the library.”
The code library, a sort of collection of code templates, was kind of a smart contract itself. That has now been wiped out, and with it the code functions too. Meaning multi-sig wallets (addresses that require two or three private key signatures to move) are blacked out. So the funds can’t move because you can’t “talk” to the wallets.
Or at least that’s what is known at this stage as the story is developing with further information to come in due time, but the big question now is whether to fork or not in order to unfreeze the funds.
Bitcoin forked in 2010 after a bug was able to create billions of bitcoins out of thin air. Ethereum forked in 2016 after the then biggest smart contract was hacked.
Bitcoin forked at a time when the community was far too small and any fork ideologies had not developed. Ethereum’s fork in 2016 was more testing because some, primarily bitcoiners, strongly argued against it.
However both forks went through fairly smoothly, and both currencies went on to all time highs, which suggests either they were positive events or the market didn’t care.
The question in this instance is firstly whether everyone is absolutely sure those funds are fully frozen and can not be unfrozen without a fork. If the answer is yes, which looks likely, then ethereans may have to decide whether to save those funds or let them burn.
The argument against it, at a basic and selfish level, might be that supply would be taken out. If demand remains constant, then price might rise.
However, that’s the supply of many ethereans who might have worked very hard for it. They may turn bitter, against the currency, which itself might gain a reputation of being unsafe.
On a more intellectual level the argument against it is that there should be punishment for failure. Otherwise, lessons would never be learned.
The argument for it is that bugs are inevitable. If hundreds of millions are lost so easily, then the platform and currency might stagnate as no one would want to take such responsibility when bugs are a certainty.
The decision, therefore, in this case, is not to fork or not fork, but to innovate or stagnate. As the bearer of Silicon Valley’s mantra of move fast and break things, ethereum might want to show its platform is safe, and when things go wrong there are solutions.
There may be here ego complications. The two eth clients and teams are competitors of sorts. But this isn’t time for competition. Parity has some of the most skilled coders.
There are, of course, lessons to be learned and there will be time for that, but, bugs simply happen. Especially considering ethereum is still barely two years old, placing them at the same sort of stage as bitcoin in 2010 even though eth has a far bigger community.
Like bitcoin back then, eth is traveling new frontiers. And just like bitcoin fixed its bug and moved on, eth might want to do so too. In the process becoming more robust.