After a long sideways movement where Ethereum price held at the 300 USD level, news broke out today that Ethereum Funds currently in the Parity wallet (multi-sig wallets) are currently frozen.
This article will cover the information we were able to collect so far from Parity and the developers on Github to explain what caused Ethereum funds freeze on the Parity Multisig wallets.
What is a parity “multisig wallet”?
Multisignature, or multisig is used to add additional security and for Blockchain transactions. Multisignature addresses require additional signatures on the transaction from another user or users before broadcasting it onto the block chain. This article included a good description of how the multisig transactions are carried.
The Parity Multisig wallet is a smart contract authored by parity devs. Note that not all Parity wallets are multisig and for this particular issue, only the multisig wallets deployed after 20th July are affected
What is the Security Alert issued on Parity Multisig wallets?
Currently no funds can be moved out of the Parity multi-sig wallets. They are frozen till the issue is solved.
Why did the Parity Wallet Freeze Ethereum Funds on the Parity Multisig Wallets?
After the initial multisig issue Parity faced in July and that resulted in the famous July Parity Hack, a new contract for the parity wallet library was deployed to enhance security and that’s where the vulnerability is coming from. According to the official announcement by Parity:
However that code still contained another issue – it was possible to turn the Parity Wallet library contract into a regular multi-sig wallet and become an owner of it by calling the
initWalletfunction. It would seem that issue was triggered accidentally 6th Nov 2017 02:33:47 PM +UTC and subsequently a user suicided the library-turned-into-wallet, wiping out the library code which in turn rendered all multi-sig contracts unusable since their logic (any state-modifying function) was inside the library.
From our research, it seems like a new parity developer literally wiped the Parity Library Clean by sending a Kill command. For a kill command to be executed he needed to be owner of the Library. It looks like devops199 was able to make himself owner of the Parity Wallet Library and execute the kill command.
This is what the Library looks like now
How is this affecting Ethereum Price?
Parity is currently working on solving the Issue. From an Ethereum price perspective, The price dropped to an intraday low of 286 USD from an intraday high of 305 USD. Nothing dramatic so far but such an issue has definitely the potential to become concerning.
In fact, it will all depends on how Parity handles this: If they fix the issue, unfreeze the funds so there is no negative impact on the Parity Multisig wallets, it could be a good thing. Because in that case, they have just uncovered (Devops199 is one of their own developers after all) a serious vulnerability and if they solve it, it will only strengthen their future security.
The issue so far at least is limited to Parity, because other exchanges are using multisig wallets and do not seem to be having this issue. If that is the case, it could be a coding error on their Library. The challenge for Parity is that this is the 2nd security related issue in 1 year so we will have to wait and see how the market will react to this.
As said before, security issues are to be observed closely because they can impact the future of the Cryptocurrency in question and sometimes the whole sector. But they are part of the maturing process of the Cryptocurrency market and sometimes offer great opportunities to buy the dip.