The bug that caused around $150 million (£1.13 million) of ether funds to be frozen has caused a huge amount of controversy in the cryptocurrency world. The company taking the flak is called Parity, and yesterday they revealed more about the issue, prompting anger over the fact that they already knew about the possible bug.
The problem came to light when a user known as Devops199 caused the money to be locked up when they deleted their wallet. Yet, the warning signs had been there since August.
Parity’s explanation of the event starts on the 20th of July, when they had to bring out new code following a major hacking incident. It seems that Devops199 was looking about in this code when they discovered a wallet that apparently didn’t have an owner.
To become the owner of this wallet, Devops199 just had to use the initWallet function. They did this but what happened next was critical, as they used the kill function to destroy the wallet.
However, the wallet that they destroyed was really a code library for all the Parity multi-signature wallets that had been set up since the new code was introduced in July. When it was destroyed, all of these other wallets were also destroyed and the money in them was instantly put into limbo.
Initial estimates put the amount of ether involved at $300 million but the details now released by Parity show that it is half that amount. Since multi-signature wallets are most popular with companies, many of the users affected are start-ups.
A User Advised Them in August
The most damning piece of evidence to come out is that a user on GitHub named 3esmit had pointed out the potential for disaster back in August. This user advised that it would be best to consider “calling initWallet on WalletLibrary” immediately after its deploy, to make sure that no-one can use it.
The word from Parity is that this recommendation was seen at the time as being a “convenience enhancement” and that the change was going to be deployed in one of the regular Ethereum updates at a “future point in time”. Of course, the update did not happen before the bug wreaked havoc earlier this month.
The company also went on to say that there had been “no formal audit” of the new code. Instead, they had relied on internal and community reviews to check it. Parity’s comments on the disaster acknowledged that they could have removed the kill function from the wallet, or else taken what 3esmit said into account to manually or automatically fix the code on the contract.
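The failure described above, and the effect of initialising the library straight after deployment as 3esmit advised, can be shown with a small model. This is an added example, not Parity's contract code: the class names, the `deployer` and `stranger` labels and the balances are constructed, and `init_wallet` and `kill` only mirror the initWallet and kill functions named in the article.

```python
# Simplified model (constructed for illustration) of many wallets that
# depend on one shared code library. It is not Parity's contract code.

class WalletLibrary:
    """Shared logic that every wallet in this model depends on."""

    def __init__(self):
        self.owner = None   # nobody owns the library until init_wallet runs
        self.alive = True

    def init_wallet(self, caller):
        # The only guard: the function refuses to run a second time.
        if self.owner is not None:
            raise PermissionError("already initialised")
        self.owner = caller

    def kill(self, caller):
        if caller != self.owner:
            raise PermissionError("only the owner may kill")
        self.alive = False  # the shared code is now gone for every wallet


class Wallet:
    """Holds funds, but relies on the library for all of its logic."""

    def __init__(self, library, balance):
        self.library = library
        self.balance = balance

    def withdraw(self, amount):
        if not self.library.alive:
            raise RuntimeError("library destroyed: funds frozen")
        self.balance -= amount
        return amount


def simulate(init_at_deploy):
    """Return the total balance left frozen after an outsider tries to
    claim and then destroy the shared library."""
    lib = WalletLibrary()
    if init_at_deploy:
        lib.init_wallet("deployer")  # mitigation: claim ownership at deploy
    wallets = [Wallet(lib, 100), Wallet(lib, 250)]  # constructed balances
    try:
        lib.init_wallet("stranger")
        lib.kill("stranger")
    except PermissionError:
        pass  # library was already owned, so the call sequence is rejected
    frozen = 0
    for wallet in wallets:
        try:
            wallet.withdraw(1)
        except RuntimeError:
            frozen += wallet.balance
    return frozen
```

With `init_at_deploy=False` every dependent wallet is frozen; with `True` the second initialisation is rejected and the wallets keep working.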
They continued by saying that they recognise the “distress and anxiety” that this issue has caused. There is no possible solution put forward by them so far, although they say that they are “working hard to explore all feasible solutions”.
Many people in the cryptocurrency community feel that a hard fork is the only possible way out of this jam now. If this is the case then it is sure to be a hugely controversial decision, as the previous network split like this caused the Ethereum community to break up into two factions.
Parity summed up by saying that they will “follow the will of the community” when it comes to deploying a fix that brings back the lost money to its rightful owners.