Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Feb 27 2020 15:09
    ordian labeled #11527
  • Feb 27 2020 15:09
    ordian opened #11527
  • Feb 27 2020 15:09
    ordian labeled #11527
  • Feb 27 2020 14:57
    niklasad1 closed #11508
  • Feb 27 2020 14:57
    niklasad1 commented #11508
  • Feb 27 2020 14:56
    niklasad1 labeled #11508
  • Feb 27 2020 14:38

    ordian on ao-github-actions

    initial github actions (compare)

  • Feb 27 2020 13:07
    s3krit synchronize #11525
  • Feb 27 2020 13:07

    s3krit on mp-de-parityify

    sed magic find . -type f -exec… (compare)

  • Feb 27 2020 12:57
    ordian labeled #11514
  • Feb 27 2020 12:57
    ordian unlabeled #11514
  • Feb 27 2020 12:56

    ordian on perf

    (compare)

  • Feb 27 2020 12:56

    ordian on master

    Faster kill_garbage (#11514) *… (compare)

  • Feb 27 2020 12:56
    ordian closed #11514
  • Feb 27 2020 11:22

    ordian on na-engine-signer-dont-use-msg-only-zeroes

    (compare)

  • Feb 27 2020 11:22

    ordian on master

    [EngineSigner]: don't sign mess… (compare)

  • Feb 27 2020 11:22
    ordian closed #11524
  • Feb 27 2020 11:22
    ordian closed #11521
  • Feb 27 2020 10:58
    niklasad1 synchronize #11524
  • Feb 27 2020 10:58

    niklasad1 on na-engine-signer-dont-use-msg-only-zeroes

    forgot formatting change (compare)

Anthony
@pyskell
I can't find a mention on your twitter
Gav Wood
@gavofyork

SECURITY ALERT

  • Severity: Critical
  • Product affected: Parity Wallet
  • Affected implementations: Parity 1.5 or later
  • Summary: A vulnerability in a version of the multi-sig wallet contract has been reported.
  • Mitigation steps: Any user with funds in a multi-sig wallet created in Parity with the affected implementations should immediately move their funds to a secure address.
THIS IS NOT A DRILL
yes
was removed/delayed to give the whitehats at the foundation a chance to save the funds.
however, since it's tweeted anyway now...
if you have a parity-based multisig, move your funds to a secure address ASAP
Anthony
@pyskell
Can you tweet it?
Gav Wood
@gavofyork
we will be releasing an update with a fixed multisig implementation ASAP
if you don't have funds in a multisig, or it wasn't created with parity, then you've nothing to do.
three accounts have been compromised; those visible here: https://etherscan.io/address/0xb3764761e297d6f121e79c32a65829cd1ddb4d32#internaltx
there is an effort by the foundation underway to secure funds in other wallets to prevent any further compromises; they will make an announcement in their own time.
Danny Ryan
@djrtwo
have those funds in the reference link been stolen or white hat withdrawn?
Gav Wood
@gavofyork
stolen.
Michael Thuy
@kingflurkel
So
Mark Boys
@boysie123
can you confirm what a multi sig wallet is? I mean is this the default type created and how to tell if you used it to create your wallet?
Micah Zoltu
@MicahZoltu
In Parity if you click Create Wallet and choose Multisig.
Juliano Rizzo
@juli
@gavofyork hi, is the patch published ?
Mark Boys
@boysie123
whats the difference between a wallet and an account?
and I guess accounts created by parity are safe still?
Micah Zoltu
@MicahZoltu
Accounts created by Parity are fine.
Only Multisig wallets are the problem.
KurtKnudsen
@KurtKnudsen
@gavofyork permission to PM you?
Gav Wood
@gavofyork
@juli we're working on a patch. for now; just move the funds to a secure account.
@KurtKnudsen sure
PumperProphet
@PumperProphet_twitter
hmm
Manuel Aráoz
@maraoz
@gavofyork I'd like to have more details to assess if OpenZeppelin's multisig wallet (based on your original implementation) is affected. Will PM
PumperProphet
@PumperProphet_twitter
how much u guys think eth price will drop?
Danny Ryan
@djrtwo
/r/ethtrader for price discussion
Woodman
@btcmacroecon
id like to get some help to transition a registered name to the rightful owner of the contract and do it right for a jez, could i ask a favor to make it happen or is there a ticket I should fill out? can't remember where
could use third party to help arrive at best way
Any opportunity to turn it into a tutorial?
federico
@federico44_twitter
@danielwalton me, is that even a thing on parity?
i cant see some token that are in my wallet
Jordan Earls
@Earlz
When will details about the security issue in wallet.sol be released?
Joseph
@yozef
@gavofyork I'd like to have more details to assess if OpenZeppelin's multisig wallet (based on your original implementation) is affected. Will PM
+1
Jordan Earls
@Earlz
I'm betting on it being a reentrancy issue, most popular reason to date for smart contract exploits
TSWesselius
@TSWesselius
At this moment, are chances larger that multisig funds of an affected contract are stolen or saved by a white hat move ?
Anondran
@anondran_twitter
When is the Hard Fork?
Gav Wood
@gavofyork
@maraoz / @Earlz the issue is not with the basic wallet, but rather an altered version that Parity deployed as a library.
specific details will be published asap
Micah Zoltu
@MicahZoltu
@TSWesselius I believe there are 3 accounts confirmed to be liquidated by black hats. I suspect the remainder have been liquidated by white hats.
Though, at this point most information is speculation by Twitter/Reddit.
Jordan Earls
@Earlz
Is the code for that open source somewhere? I see lots of wallet.sol implementations, but not as libraries
Micah Zoltu
@MicahZoltu
This is what Parity links to when you use the UI to create a new multi-sig wallet: https://github.com/paritytech/parity/blob/master/js/src/contracts/snippets/enhanced-wallet.sol
Jordan Earls
@Earlz
ah that looks like it
FundYourselfNow
@FundYourselfNow_twitter
hi
Jordan Earls
@Earlz
Wow, wonder if we'll see a fork to revert this like they did with the DAO
Chris Padovano
@decentralizedlegal
We will not.
Woodman
@btcmacroecon
i just found an old mist address. I have the UTC file. Where can I get private key out of that, I'd prefer deal with private key and import that into Parity. Or what to do to get json?
boarddavid
@boarddavid
If you have the UTC file, you could use that with MyEtherWallet I presume