Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Feb 27 2020 15:09
    ordian labeled #11527
  • Feb 27 2020 15:09
    ordian opened #11527
  • Feb 27 2020 15:09
    ordian labeled #11527
  • Feb 27 2020 14:57
    niklasad1 closed #11508
  • Feb 27 2020 14:57
    niklasad1 commented #11508
  • Feb 27 2020 14:56
    niklasad1 labeled #11508
  • Feb 27 2020 14:38

    ordian on ao-github-actions

    initial github actions (compare)

  • Feb 27 2020 13:07
    s3krit synchronize #11525
  • Feb 27 2020 13:07

    s3krit on mp-de-parityify

    sed magic find . -type f -exec… (compare)

  • Feb 27 2020 12:57
    ordian labeled #11514
  • Feb 27 2020 12:57
    ordian unlabeled #11514
  • Feb 27 2020 12:56

    ordian on perf

    (compare)

  • Feb 27 2020 12:56

    ordian on master

    Faster kill_garbage (#11514) *… (compare)

  • Feb 27 2020 12:56
    ordian closed #11514
  • Feb 27 2020 11:22

    ordian on na-engine-signer-dont-use-msg-only-zeroes

    (compare)

  • Feb 27 2020 11:22

    ordian on master

    [EngineSigner]: don't sign mess… (compare)

  • Feb 27 2020 11:22
    ordian closed #11524
  • Feb 27 2020 11:22
    ordian closed #11521
  • Feb 27 2020 10:58
    niklasad1 synchronize #11524
  • Feb 27 2020 10:58

    niklasad1 on na-engine-signer-dont-use-msg-only-zeroes

    forgot formatting change (compare)

Gav Wood
@gavofyork
@KurtKnudsen sure
PumperProphet
@PumperProphet_twitter
hmm
Manuel Aráoz
@maraoz
@gavofyork I'd like to have more details to assess if OpenZeppelin's multisig wallet (based on your original implementation) is affected. Will PM
PumperProphet
@PumperProphet_twitter
how much u guys think eth price will drop?
Danny Ryan
@djrtwo
/r/ethtrader for price discussion
Woodman
@btcmacroecon
id like to get some help to transition a registered name to the rightful owner of the contract and do it right for a jez, could i ask a favor to make it happen or is there a ticket I should fill out? can't remember where
could use third party to help arrive at best way
Any opportunity to turn it into a tutorial?
federico
@federico44_twitter
@danielwalton me, is that even a thing on parity?
i cant see some token that are in my wallet
Jordan Earls
@Earlz
When will details about the security issue in wallet.sol be released?
Joseph
@yozef
@gavofyork I'd like to have more details to assess if OpenZeppelin's multisig wallet (based on your original implementation) is affected. Will PM
+1
Jordan Earls
@Earlz
I'm betting on it being a reentrancy issue, most popular reason to date for smart contract exploits
TSWesselius
@TSWesselius
At this moment, are chances larger that multisig funds of an affected contract are stolen or saved by a white hat move ?
Anondran
@anondran_twitter
When is the Hard Fork?
Gav Wood
@gavofyork
@maraoz / @Earlz the issue is not with the basic wallet, but rather an altered version that Parity deployed as a library.
specific details will be published asap
Micah Zoltu
@MicahZoltu
@TSWesselius I believe there are 3 accounts confirmed to be liquidated by black hats. I suspect the remainder have been liquidated by white hats.
Though, at this point most information is speculation by Twitter/Reddit.
Jordan Earls
@Earlz
Is the code for that open source somewhere? I see lots of wallet.sol implementations, but not as libraries
Micah Zoltu
@MicahZoltu
This is what Parity links to when you use the UI to create a new multi-sig wallet: https://github.com/paritytech/parity/blob/master/js/src/contracts/snippets/enhanced-wallet.sol
Jordan Earls
@Earlz
ah that looks like it
FundYourselfNow
@FundYourselfNow_twitter
hi
Jordan Earls
@Earlz
Wow, wonder if we'll see a fork to revert this like they did with the DAO
Chris Padovano
@decentralizedlegal
We will not.
Woodman
@btcmacroecon
i just found an old mist address. I have the UTC file. Where can I get private key out of that, I'd prefer deal with private key and import that into Parity. Or what to do to get json?
boarddavid
@boarddavid
If you have the UTC file, you could use that with MyEtherWallet I presume
Woodman
@btcmacroecon
i just tried that and hit the button and did nothing, i can try again
boarddavid
@boarddavid
Hmmm ok
Woodman
@btcmacroecon
i got script error!
boarddavid
@boarddavid
Strange
Sec let me check to see if there is a way to open the UTC file in an editor or something
Woodman
@btcmacroecon
ill try again! im just excited i found it, and 4 tokens on there!
Oleksii Matiiasevych
@lastperson
boarddavid
@boarddavid
You can open a UTC file in a notepad editor, and its plain-text, so you can look for the Priv Key or whatever you need that way @btcmacroecon
Woodman
@btcmacroecon
can i see the priv key in UTC version?
Jordan Earls
@Earlz
looking at some txs by that address, they're calling initWallet... shouldn't that be impossible/private? https://etherscan.io/tx/0xf9a27f00ace343ca113ac7a828c1af0175aa726c32236d67b256c2110d691d6e
Tienus
@Tienus
Someone pulling tokens from multisig wallets on https://etherscan.io/address/0x1dba1131000664b884a1ba238464159892252d3a?
boarddavid
@boarddavid
I'm not sure @btcmacroecon sorry
Tienus
@Tienus
Minus the ?, apologies. Does that look like another blackhat adress?
Jonathan Dahan
@jedahan
default wallet created by parity is not multisig, correct?
like even if i create sub-wallets based on the regular one?
boarddavid
@boarddavid
Correct Jonathan
Oleksii Matiiasevych
@lastperson
@Tienus I think it is parity tech guys, trying to save the day
boarddavid
@boarddavid
This is to do with an actual contract issue, i.e. you can make a contract with a multi-sig function I think
Oleksii Matiiasevych
@lastperson
@Earlz it should, but there is a:
// gets called when no other function matches
  function() payable {
    // just being sent some cash?
    if (msg.value > 0)
      Deposit(msg.sender, msg.value);
    else if (msg.data.length > 0)
      _walletLibrary.delegatecall(msg.data);
  }
Woodman
@btcmacroecon
priv key is cyphertext or salt?
oh what the hell i try both
Tienus
@Tienus
@lastperson Are you sure? Maybe someone can confirm? The tokens balances are massive.
Jonathan Dahan
@jedahan
(ideal-pragmatic?) future scenario: parity uses the exploit to proactively vacuum up all the vulnerable accounts, then sends back the money?