{"id":2049,"date":"2017-11-08T23:27:42","date_gmt":"2017-11-08T23:27:42","guid":{"rendered":"https:\/\/davidgerard.co.uk\/blockchain\/?p=2049"},"modified":"2018-04-26T21:09:04","modified_gmt":"2018-04-26T21:09:04","slug":"the-ethereum-parity-wallet-disaster-play-by-play","status":"publish","type":"post","link":"https:\/\/davidgerard.co.uk\/blockchain\/2017\/11\/08\/the-ethereum-parity-wallet-disaster-play-by-play\/","title":{"rendered":"The latest Ethereum Parity wallet disaster, play by play"},"content":{"rendered":"

“I accidentally e-mailed my bank ‘delete’ and they lost everybody’s accounts. I’m sorry i’m just learning banking.” (Powershift)<\/p><\/blockquote>\n

I spent yesterday afternoon on Twitter and \/r\/buttcoin<\/a>, giggling. It was a popcorn overload moment for every acerbic cryptocurrency sceptic who ever thought that immutable, unfixable smart contracts were an obviously stupid idea that would continue to end in tears and massive losses<\/a>, as they so often had<\/a> previously.
\n<\/span><\/span><\/span><\/p>\n

Someone decided to access a “kill” function on various smart contracts on the public Ethereum blockchain, to see what would happen\u00a0\u2014 just experimenting:<\/a><\/p>\n

\u201cWill i get arrested for this?\u201d So asks a user called devops199 on parity\u2019s developers real time public chat room, before confirming he called the \u201ckill\u201d transaction which wiped out the code library and froze some 500,000 eth<\/a>, currently worth $150 million.<\/p>\n

\u201cI\u2019m eth newbie\u2026 just learning\u2026 sending kill() destroy() to random contracts you can see my history\u201d he publicly said.<\/p><\/blockquote>\n

\"\"<\/a><\/p>\n

Devops199 was researching the July 2017 vulnerability<\/a> in the Parity<\/a> Ethereum wallet software which had led to $30 million being stolen<\/a>. Unfortunately, in following the logic of that bug, they discovered that the fix for that problem had a new bug, which they duly reported<\/a> to the Parity project:<\/p>\n

\n

anyone can kill your contract <\/span> #6995<\/span><\/p>\n

I accidentally killed it.<\/p>\n

https:\/\/etherscan.io\/address\/0x863df6bfa4469f3ead0be8f9f2aae51c91a907b4<\/a><\/p>\n

I was able to make myself the owner of that contract because its uninitialized.<\/p>\n

I made myself the owner of “0x863df6bfa4469f3ead0be8f9f2aae51c91a907b4” contract and killed it and now when i query the dependent contracts “isowner(<any_addr>)” they all return TRUE because the delegate call made to a died contract.<\/p>\n

I believe some one might exploit.<\/p><\/blockquote>\n

Devops199 took ownership of the contract at that address, because ownership had not been initialised, then turned it into a regular wallet address. They tried to back out by sending it a “kill”, which would normally be fine … but the contract in question was a “library” function \u2014 a function designed for other programs to use \u2014 that turned out to be essential to Parity wallets. With this library function disabled, all the contracts depending on it couldn’t work any more. An accidental left-pad incident<\/a> in production, where a minor function that was deleted turned out to be a dependency of much more important things.<\/p>\n

\"\"<\/a><\/p>\n

The Parity project has a detailed post<\/a> on what happened. “This means that currently no funds can be moved out of the multi-sig wallets.” The total of locked-up funds appears to be on the order of 1 million ETH, or about $300 million. Parity’s MultiSig Freeze<\/a> page currently says 584 wallets are affected.<\/p>\n

Parity was founded by Gavin Wood, who is more or less the second-lead developer of Ethereum itself, and author of the “yellow paper”<\/a>, the Ethereum protocol specification. Wood also runs Polkadot, whose ICO was very successful<\/a>; the Ether raised in the ICO appears to be stuck in the locked wallet.<\/p>\n

To emphasise that point: smart contract coding is so difficult and unforgiving that even one of the primary developers of Ethereum can’t do it without losing hundreds of millions of dollars to human error.<\/p>\n

\"\"<\/a><\/p>\n

Artist’s impression of Ethereum, Tuesday 7 November 2017.<\/p>\n

Some crypto advocates who’ve been mainlining cryptocurrency ideology<\/a>\u00a0\u2014 including ones who really should know better, like Emin G\u00fcn Sirer<\/a>\u00a0\u2014 think that this drop in supply will obviously<\/em> lead to an increase in price, because Austrian bitcoin economics holds this as an article of faith. In real economics, this isn’t how the purchasing power of money works. It might apply if Ether was a highly liquid commodity whose demand was comparable to the supply; in practice, it’s very thinly traded, the total supply is vastly greater than the demand (so\u00a0hold!<\/em>) and the price is pretty much made of exuberance.<\/p>\n

Some have seriously advocated a rescue fork<\/a> of Ethereum, though Vitalik Buterin remains carefully noncommittal<\/a> on the idea. There is a proposal<\/a> to make smart contracts and locked wallets like this recoverable, though that would require another hard fork flag day<\/a>, and Ethereum is just stabilising after the last one<\/a>.<\/p>\n

Crypto advocates need to take the next logical step, and admit the possibility that irreversibility, an essential design feature of cryptocurrency blockchains, is the fatal flaw of cryptocurrency that is responsible for most<\/em> cryptocurrency and smart contract disasters. Pervasive irreversibility has turned out to be a bad and stupid idea.<\/p>\n

\n

I just finished @davidgerard<\/a> \u2018s \u201cAttack of the 50 Foot Blockchain\u201d last night so part of me feels like this happened to provide a practical example of everything he was predicting just for my benefit. https:\/\/t.co\/jCrqIJsrSD<\/a><\/p>\n

— Justin (@SetOfJacks) November 7, 2017<\/a><\/p><\/blockquote>\n