Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Feb 27 2020 15:09
    ordian labeled #11527
  • Feb 27 2020 15:09
    ordian opened #11527
  • Feb 27 2020 15:09
    ordian labeled #11527
  • Feb 27 2020 14:57
    niklasad1 closed #11508
  • Feb 27 2020 14:57
    niklasad1 commented #11508
  • Feb 27 2020 14:56
    niklasad1 labeled #11508
  • Feb 27 2020 14:38

    ordian on ao-github-actions

    initial github actions (compare)

  • Feb 27 2020 13:07
    s3krit synchronize #11525
  • Feb 27 2020 13:07

    s3krit on mp-de-parityify

    sed magic find . -type f -exec… (compare)

  • Feb 27 2020 12:57
    ordian labeled #11514
  • Feb 27 2020 12:57
    ordian unlabeled #11514
  • Feb 27 2020 12:56

    ordian on perf

    (compare)

  • Feb 27 2020 12:56

    ordian on master

    Faster kill_garbage (#11514) *… (compare)

  • Feb 27 2020 12:56
    ordian closed #11514
  • Feb 27 2020 11:22

    ordian on na-engine-signer-dont-use-msg-only-zeroes

    (compare)

  • Feb 27 2020 11:22

    ordian on master

    [EngineSigner]: don't sign mess… (compare)

  • Feb 27 2020 11:22
    ordian closed #11524
  • Feb 27 2020 11:22
    ordian closed #11521
  • Feb 27 2020 10:58
    niklasad1 synchronize #11524
  • Feb 27 2020 10:58

    niklasad1 on na-engine-signer-dont-use-msg-only-zeroes

    forgot formatting change (compare)

Woodman
@btcmacroecon
id like to get some help to transition a registered name to the rightful owner of the contract and do it right for a jez, could i ask a favor to make it happen or is there a ticket I should fill out? can't remember where
could use third party to help arrive at best way
Any opportunity to turn it into a tutorial?
federico
@federico44_twitter
@danielwalton me, is that even a thing on parity?
i cant see some token that are in my wallet
Jordan Earls
@Earlz
When will details about the security issue in wallet.sol be released?
Joseph
@yozef
@gavofyork I'd like to have more details to assess if OpenZeppelin's multisig wallet (based on your original implementation) is affected. Will PM
+1
Jordan Earls
@Earlz
I'm betting on it being a reentrancy issue, most popular reason to date for smart contract exploits
TSWesselius
@TSWesselius
At this moment, are chances larger that multisig funds of an affected contract are stolen or saved by a white hat move ?
Anondran
@anondran_twitter
When is the Hard Fork?
Gav Wood
@gavofyork
@maraoz / @Earlz the issue is not with the basic wallet, but rather an altered version that Parity deployed as a library.
specific details will be published asap
Micah Zoltu
@MicahZoltu
@TSWesselius I believe there are 3 accounts confirmed to be liquidated by black hats. I suspect the remainder have been liquidated by white hats.
Though, at this point most information is speculation by Twitter/Reddit.
Jordan Earls
@Earlz
Is the code for that open source somewhere? I see lots of wallet.sol implementations, but not as libraries
Micah Zoltu
@MicahZoltu
This is what Parity links to when you use the UI to create a new multi-sig wallet: https://github.com/paritytech/parity/blob/master/js/src/contracts/snippets/enhanced-wallet.sol
Jordan Earls
@Earlz
ah that looks like it
FundYourselfNow
@FundYourselfNow_twitter
hi
Jordan Earls
@Earlz
Wow, wonder if we'll see a fork to revert this like they did with the DAO
Chris Padovano
@decentralizedlegal
We will not.
Woodman
@btcmacroecon
i just found an old mist address. I have the UTC file. Where can I get private key out of that, I'd prefer deal with private key and import that into Parity. Or what to do to get json?
boarddavid
@boarddavid
If you have the UTC file, you could use that with MyEtherWallet I presume
Woodman
@btcmacroecon
i just tried that and hit the button and did nothing, i can try again
boarddavid
@boarddavid
Hmmm ok
Woodman
@btcmacroecon
i got script error!
boarddavid
@boarddavid
Strange
Sec let me check to see if there is a way to open the UTC file in an editor or something
Woodman
@btcmacroecon
ill try again! im just excited i found it, and 4 tokens on there!
Oleksii Matiiasevych
@lastperson
boarddavid
@boarddavid
You can open a UTC file in a notepad editor, and its plain-text, so you can look for the Priv Key or whatever you need that way @btcmacroecon
Woodman
@btcmacroecon
can i see the priv key in UTC version?
Jordan Earls
@Earlz
looking at some txs by that address, they're calling initWallet... shouldn't that be impossible/private? https://etherscan.io/tx/0xf9a27f00ace343ca113ac7a828c1af0175aa726c32236d67b256c2110d691d6e
Tienus
@Tienus
Someone pulling tokens from multisig wallets on https://etherscan.io/address/0x1dba1131000664b884a1ba238464159892252d3a?
boarddavid
@boarddavid
I'm not sure @btcmacroecon sorry
Tienus
@Tienus
Minus the ?, apologies. Does that look like another blackhat adress?
Jonathan Dahan
@jedahan
default wallet created by parity is not multisig, correct?
like even if i create sub-wallets based on the regular one?
boarddavid
@boarddavid
Correct Jonathan
Oleksii Matiiasevych
@lastperson
@Tienus I think it is parity tech guys, trying to save the day
boarddavid
@boarddavid
This is to do with an actual contract issue, i.e. you can make a contract with a multi-sig function I think
Oleksii Matiiasevych
@lastperson
@Earlz it should, but there is a:
// gets called when no other function matches
  function() payable {
    // just being sent some cash?
    if (msg.value > 0)
      Deposit(msg.sender, msg.value);
    else if (msg.data.length > 0)
      _walletLibrary.delegatecall(msg.data);
  }
Woodman
@btcmacroecon
priv key is cyphertext or salt?
oh what the hell i try both
Tienus
@Tienus
@lastperson Are you sure? Maybe someone can confirm? The tokens balances are massive.
Jonathan Dahan
@jedahan
(ideal-pragmatic?) future scenario: parity uses the exploit to proactively vacuum up all the vulnerable accounts, then sends back the money?
can't imagine anything better now that this is out in the wild
hard forks are :(
Oleksii Matiiasevych
@lastperson
@Tienus initial attack was 8 hours ago. Current one 2 hours ago, I'm almost certain that it is a white hat.
they are sending tx's to all matching contracts
Woodman
@btcmacroecon
id like to be the ethereum version of dog the bounty hunter