Nearly all users who have multiple Parity Wallet multi-sig portfolios active since July 20 are susceptible to failure. Such portfolios rely on multiparty consent from smart contracts to validate transactions. This is an additional layer of protection. But this mechanism had to undergo an update. In July, a flaw in the Parity Wallet allowed 150,000 ETHs to be stolen, something equivalent to $30 million at the time. The issue was fixed on the 19th of the same month. The next day a new version of the portfolio contracts came into effect. The problem is that it is now known, the new code has brought another vulnerability. The company itself explains that the flaw allows a user to turn the Parity Wallet library contract into a multi-sig portfolio and thereby become the owner of it. One developer encountered the problem “accidentally” and reported it on day 6. Shortly thereafter, a user performed the procedure, which resulted in the deletion of Parity’s library code. There are no reports of thefts or losses, but the problem has made the multi-sig portfolios active since July 20 unusable. It is estimated that 600 thousand ETHs are inaccessible, equivalent to the US $150 million, but it is also said that sums can reach the US $280 million. In a statement published on Wednesday, Parity says that it is investigating the issue and studying all the possible implications and solutions. However, the company did not report the number of affected users. So, what do you think about this? Simply share your views and thoughts in the comment section below.
Δ
