I want to use parity as a multisig wallet, but I want to make sure they've already fixed the recent exploit. Most articles online just talk about the exploit.
Asked
Active
Viewed 236 times
1 Answers
4
It was fixed on Jul 19, this is the Pull Request.
As stated in their release notes, you need to make sure your parity version is 1.6.10 or above.
Here is a post explaining the exploit, you can check for yourself that now there is a only_uninitialized modifier in the constructor.
Update: As of 11/7/2017, all Parity multi-sig wallets deployed after July 20th have no functionality (source). An unknown user took control of Parity's library contract from which all Parity multi-sig wallets derived functionality. The user then unwittingly suicided the library contract, obliterating all wallet functionality and freezing ~500 wallets, and about ~$150M (source). This won't be resolved until after a hard fork.
A good explanation of events can be found here.
tshallenberger
- 542
- 3
- 10
Eran H.
- 161
- 6
-
1Addendum in light of recent events (11/7/2017): another critical security bug was discovered when a user unwittingly took control of Parity's multi-sig library contract, from which every multi-sig wallet deployed after July 20th derived functionality. The user then suicided the contract, obliterating all functionality for ~500 Parity multi-sig wallets, and freezing ~$150M. This bug won't be fixed (for currently existing multi-sig wallets) until after a hard fork occurs that allows them to restore the library contract, or move the funds. – tshallenberger Nov 07 '17 at 19:14