Since Ethereum went live two and a half years ago, users and developers have often struggled with usability and with building on this new ‘Frontier’ of development.
The issues began almost immediately as the first users of Ethereum had to grapple with a command line interface that was extremely unforgiving of mistakes. It saw thousands of Ether sent to address 0x0, as any transaction with an ill-formed “to” address was interpreted by the client as a send to 0x0.
On Monday November 6th 2017 02:33:47 PM UTC, a vulnerability in the “library” smart contract code, deployed as a shared component of all Parity multi-sig wallets deployed after July 20th 2017, was found by an anonymous user. The user decided to exploit this vulnerability and made himself the “owner” of the library contract. Subsequently, the user destructed this component. Since Parity multi-signature wallets depend on this component, this action blocked funds in 587 wallets holding a total amount of 513,774.16 Ether as well as additional tokens. Subsequent to destroying the library component,
This week, as has been widely reported, a vulnerability in the Parity Wallet library contract of the standard multi-sig contract was found by an anonymous user. This user managed to gain access to the smart contract, effectively making themselves the owner of the contract. Subsequently, the user made the unfortunate move to “suicide” the smart contract underlying the multi-sig wallet, which in turn blocked funds of 587 wallets with a total amount of 513,774.16 Ether. While the funds remain in the affected wallets, the wallets themselves are inaccessible.
Product affected: Parity Wallet (multi-sig wallets)
Summary: A vulnerability in the Parity Wallet library contract of the standard multi-sig contract has been found.
Affected users: Users with assets in a multi-sig wallet created in Parity Wallet that was deployed after 20th July.
Winter may be coming but the moment you’ve all been waiting for has finally arrived: Parity Tech is excited to announce the release of the BIGGER and BETTER 1.8.0. This release will see light client improvements: Proof-of-Authority chain compatibility, even with dynamic authority sets, and also feature compatibility with the Whisper v6 wire protocol.
PICOPS (Parity ICO Passport Service) is a new service, created and hosted by Parity Technologies which enables members of the public worldwide to associate a single Ethereum address with their unique identity; more precisely, the service offers a means to validate that the owner of an Ethereum wallet has passed an ID background check stating that they are not part of a restricted set of users (e.g. US citizen or individuals on official watchlists).
The Parity Bitcoin client (pbtc), released in April this year, is a full-node implementation of the Bitcoin protocol written in Rust. Our team is thrilled to announce its recent upgrade that includes support for SegWit (https://segwit.org/), SegWit2x (https://segwit2x.github.io/) and Bitcoin Cash (https://www.bitcoincash.org/).
It has been all too long since our last release. Some four months have passed since the 1.6 series and over that time we've seen the rise of ETH and BTC, ICO fever hit the streets of Ethereum and an increased presence of Ethereum in the mainstream press.
I can finally announce the 1.7 series. Much has gone on behind the scenes to bring you this release and I very much hope you'll enjoy it.
A quick update on the status of Parity Ethereum client.
As recent events have shown us, it's not always enough to have good programmers, open-source software and peer reviews in order to ensure no critical bugs make it through to release. While users of all Free software should always do one's own auditing of software to a level reflecting the amount it is relied upon, there is inevitably some degree of duplication that this regrettably implies across any given software's user base.
On Wednesday 19th July, 2017 a bug found in the multi-signature wallet ("multi-sig") code used as part of Parity Wallet software was exploited by parties unknown. As of the time of writing, three wallet accounts holding large balances of ETH have been compromised and the balances moved into accounts held by the attacker. The self-titled "White Hat Group" used the same exploit to secure the other compromised wallets within Ethereum, with the stated intention of returning control to the original owners.
Product affected: Parity Wallet
Affected implementations: Parity 1.5 or later
Summary: A vulnerability in Parity Wallet's variant of the standard multi-sig contract has been found.
Affected users: Any user with assets in a multi-sig wallet created in Parity Wallet prior to 19/07/17 23:14:56 CEST.
Mitigation steps: Immediately move assets contained in the multi-sig wallet to a secure address.
It has come to our attention that a small minority of users have misunderstood a function within Parity Wallet, and in doing so have created insecure accounts. TL;DR: Don't use the "RECOVERY PHRASE"/"IMPORT WALLET" function to generate a fresh account. That's not what it's for. If you see the word "import" or "recover" anywhere, then you're not generating anything fresh, you're importing something that (is meant to) already exist.
As Spring returns the blood to our blushing chops, I'm happy to come to you with news of our latest release. After a couple of weeks in lovely Castello Tesino on our (apparently) annual winter-sports retreat, Parity 1.6 "Morality, Solidarity, and Virtuosity" is officially out and there's a decent amount to see.
Well, it's that time again, folks. You find me writing this on the train back from our ten day Yuletide retreat-sprint. Most of the team (pictured below) spent 10 days in lovely Lipia Góra. Lest you're not familiar with that place (it is kind of small), I can tell you it's barely a stone's throw away from the glittering lights of Majewo (an outpost sporting both a train station and a shop).
I'm pleased to announce the release of the latest in the series of Parity. As the 1.3 series becomes our stable release with 1.3.10, 1.4 is elevated to beta status.
We've been working on 1.4 for around 10 weeks now, a far longer release cycle than we usually make, but forced upon us due to the uncovered protocol exploits and the attacks based upon them. To make up for this, 1.5 will be a much shorter cycle of around 4 weeks.
It's been a hectic few weeks for Ethereum and for Parity’s dev team. Some rather irresponsible individual found a flaw in the Ethereum protocol; notably several of the EVM’s operations were underpriced by around 100x. This meant they were able to construct transactions which cost relatively little to place on the blockchain but which ate up an awful lot of resources. The outcome of this was to cause most implementations to crash on block number 2,283,416. Just two months ago this would have been a cataclysmic event that would have stopped the network in
Another 7 weeks pass and I'm happy to announce a shiny new release of Parity! It has been a busy time for us (and the community as a whole!) with various events happening and vying for our time. Aside from ad-hoc protocol alterations, we've been working hard on a number of features and the 1.3 "Acuity" release includes some of the first tasters of these, not to mention some of the incremental improvements and fixes some of which have already been released in the (now stable!) 1.2 series.
We have been informed of a website attempting to trick users into downloading a malware infected version of the Parity client.
We, Ethcore (ethcore.io), are NOT AFFILIATED WITH "www.ethcore.info". www.ethcore.info was registered with the intention of scamming visitors.
As always, make sure you examine the security certificate of any site you download software from, be extra vigilant when using Ethereum, and keep your antivirus software up to date.
The real Ethcore website has a security certificate:
The latest version of Parity has just been released - this build includes modification for the hard fork, improved performance when syncing and other bug fixes.
If you wish to run Parity without the hard fork you must use the flag:
--chain=homestead-dogmatic until after the hard fork has been resolved.
A shared experience of disbelief flooded through the Ethereum community a few weeks ago - not because hacks are unheard of - but because the sheer scale of this theft seemed to be mind-boggling. Slock.it’s DAO was being drained at around a million dollars a minute and it seemed like the entire contents of the DAO would soon be in the hands of a single malicious individual or group.
Condition-Orientated Programming (COP) is a hybrid approach between functional and imperative programming. Done properly it is a tool in your arsenal for writing safe, secure contracts. It helps make your contract code comprehensively auditable and - loosely speaking - informally provable to have correct run-time operation.
COP is not language specific; it is more of a loose methodology than particular syntax. However, with its function modifiers and events, it is particularly well-suited to the Solidity language.
Simply put, COP has just one main aim:
It has been longer than expected in the coming, but I'm happy to announce at long last the third major release of Parity, codenamed "Security". This release is the culmination of 8 weeks of hard work including three Ethcore development retreats and has seen more people involved in Parity development than ever before.
The major additions for the Security milestone are:
To look at Ethereum social media today you might think that we had somehow been invaded by some obscure political subreddit. Words like ‘principles’, ‘ideologies’, and ‘zealotry’ are being thrown around. It has been somewhat different from the collegial atmosphere that we have enjoyed in the past six months; but it is an inevitable result of the situation we find ourselves in.
There is a debate going on and it is an important one.
Ideally, the DAO developers will find a way to extract the stolen funds without any protocol alterations (aka "hard fork"). However, such a plan, if feasible, will take time to design, test and deploy. If not feasible, an alternative approach will have to be found, quite possibly a minor hard-fork of the core protocol. Either way we have to limit the damage being done - the fastest, most effective way of doing this is through a temporary soft-fork.
Two days ago a flaw was spotted in the contract code of theDAO - specifically a recursive call issue that exists in the function withdrawRewardFor.
At the time, it was thought that this was an annoying bug that meant the reward functionality that would be needed in the long term would not work properly and would require an upgrade to allow DAO Token Holders to get rewards from their investments.
A security flaw in Geth / Mist has been attracting some attention recently mainly because of the size of the loss of Ether suffered by the user affected. Almost 100,000 USD was lost after he sent a transaction to theDAO using a Geth client whose settings had been changed from the default.
A short 6 weeks since Parity 1.0, I'm happy to announce Parity 1.1, codename Alacrity. This is a mid-term release (we're half-way to 1.2 Civility) with mostly "under-the-hood" improvements and optimisations since 1.0.
Our main features for Alacrity are:
So it has been around 7 weeks since the 0.9 prerelease of Parity, which demonstrated the fastest and lightest fully compliant Ethereum block processing engine available. Now, about a week after expected, I'm happy to announce the immediate availability of Parity 1.0 (perhaps a little surprising given the quality of the snow here on the current Parity team retreat).
As the name suggests, this release is mainly about matching the common features of existing clients. As such it brings all requisite functionality to run a functional Ethereum Homestead node, in particular:
So with the latest benchmarks (available to see at parity.io), it's clear Parity has head and shoulders the fastest and lightest Ethereum block processing engine amongst the available clients. But aside from the big numbers, it's nice to understand a bit deeper about what's going on underneath.
This is a quick dive into the differences between Parity and the currently most popular client on the Ethereum network, Geth. I haven't yet done similar stuff for EthereumJ or Eth, though I expect that might be fun, too.