Blog

  • On Classes of Stuck Ether and Potential Solutions

    A Brief History

    Since Ethereum went live two and a half years ago, users and developers have often struggled with the usability and building on this new ‘Frontier’ of development.

    The issues began almost immediately as the first users of Ethereum had to grapple with a command line interface that was extremely unforgiving of mistakes. It saw thousands of Ether sent to address 0x0, as any transaction with an ill-formed “to” address was interpreted by the client as a send to 0x0.

  • A Postmortem on the Parity Multi-Sig Library Self-Destruct

    On Monday November 6th 2017 02:33:47 PM UTC, a vulnerability in the “library” smart contract code, deployed as a shared component of all Parity multi-sig wallets deployed after July 20th 2017, was found by an anonymous user. The user decided to exploit this vulnerability and made himself the “owner” of the library contract. Subsequently, the user destructed this component. Since Parity multi-signature wallets depend on this component, this action blocked funds in 587 wallets holding a total amount of 513,774.16 Ether as well as additional tokens. Subsequent to destroying the library component,

  • Parity Technologies Multi-Sig Wallet Issue Update

    This week, as has been widely reported, a vulnerability in the Parity Wallet library contract of the standard multi-sig contract was found by an anonymous user. This user managed to gain access to the smart contract, effectively making themselves the owner of the contract. Subsequently, the user made the unfortunate move to “suicide” the smart contract underlying the multi-sig wallet which in turn blocked funds of of 587 wallets with a total amount of 513,774.16 Ether. While the funds remain in the affected wallets, the wallets themselves are inaccessible.

  • Security Alert

    Severity: Critical

    Product affected: Parity Wallet (multi-sig wallets)

    Summary: A vulnerability in the Parity Wallet library contract of the standard multi-sig contract has been found.

    Affected users: Users with assets in a multi-sig wallet created in Parity Wallet that was deployed after 20th July.

  • Announcing Parity 1.8

    Winter may be coming but the moment you’ve all been waiting for has finally arrived: Parity Tech is excited to announce the release of the BIGGER and BETTER 1.8.0. This release will see light client improvements: Proof-of-Authority chain compatibility, even with dynamic authority sets, and also feature compatibility with the Whisper v6 wire protocol.

  • Parity Technologies launches PICOPS!

    PICOPS (Parity ICO Passport Service) is a new service, created and hosted by Parity Technologies which enables members of the public worldwide to associate a single Ethereum address with their unique identity; more precisely, the service offers a means to validate that the owner of an Ethereum wallet has passed an ID background check stating that they are not part of a restricted set of users (e.g. US citizen or individuals on official watchlists).

  • Parity Bitcoin is now supporting SegWit, SegWit2x and Bitcoin Cash

    The Parity Bitcoin client (pbtc), released in April this year, is a full-node implementation of the Bitcoin protocol written in Rust. Our team is thrilled to announce its recent upgrade that includes support for SegWit (https://segwit.org/), SegWit2x (https://segwit2x.github.io/) and Bitcoin Cash (https://www.bitcoincash.org/).

  • Announcing Parity 1.7

    It has been all too long since our last release. Some four months have passed since the 1.6 series and over that time we've seen the rise of ETH and BTC, ICO fever hit the streets of Ethereum and an increased presence of Ethereum in the mainstream press.

    I can finally announce the 1.7 series. Much has gone on behind the scenes to bring you this release and I very much hope you'll enjoy it.

    Around half of the Parity team, on retreat in Ibiza

    Light Client

  • Security Update

    A quick update on the status of Parity Ethereum client.

    Bug Bounty

  • Announcing the Bug Bounty Program

    As recent events have shown us, it's not always enough to have good programmers, open-source software and peer reviews in order to ensure no critical bugs make it through to release. While users of all Free software should always do ones own auditing of software to a level reflecting the amount it is relied upon, there is inevitably some degree of duplication that this regrettably implies across any given software's user base.

  • The Multi-sig Hack: A Postmortem

    On Wednesday 19th July, 2017 a bug found in the multi-signature wallet ("multi-sig") code used as part of Parity Wallet software was exploited by parties unknown. As of the time of writing, three wallet accounts holding large balances of ETH have been compromised and the balances moved into accounts held by the attacker. The self-titled "White Hat Group" used the same exploit to secure the other compromised wallets within Ethereum, with the stated intention of returning control to the original owners.

  • Security Alert

    Severity: Critical

    Product affected: Parity Wallet

    Affected implementations: Parity 1.5 or later

    Summary: A vulnerability in Parity Wallet's variant of the standard multi-sig contract has been found.

    Affected users: Any user with assets in a multi-sig wallet created in Parity Wallet prior to 19/07/17 23:14:56 CEST.

    Mitigation steps: Immediately move assets contained in the multi-sig wallet to a secure address.

  • Restoring & blank seed phrase

    It has come to our attention that a small minority of users have misunderstood a function within Parity Wallet, and in doing so have created insecure accounts. TL;DR: Don't use the "RECOVERY PHRASE"/"IMPORT WALLET" function to generate a fresh account. That's not what it's for. If you see the word "import" or "recover" anywhere, then you're not generating anything fresh, you importing something that (is meant to) already exist.

  • Announcing Parity 1.6

    As Spring returns the blood to our blushing chops, I'm happy to come to you with news of our latest release. After a couple of weeks in lovely Castello Tesino on our (apparently) annual winter-sports retreat, Parity 1.6 "Morality, Solidarity, and Virtuosity" is officially out and there's a decent amount to see.

    The shoe fund could only support Marek this year :(

  • Announcing Parity 1.5

    Well, it's that time again, folks. You find me writing this on the train back from our ten day Yuletide retreat-sprint. Most of the team (pictured below) spent 10 days in lovely Lipia Góra. Lest you're not familiar with that place (it is kind of small), I can tell you it's barely a stone's throw away from the glittering lights of Majewo (an outpost sporting both a train station and a shop).

    The team in Lipia Góra

  • Announcing Parity 1.4

    I'm pleased to announce the release of the latest in the series of Parity. As the 1.3 series becomes our stable release with 1.3.10, 1.4 is elevated to beta status.

    We've been working on 1.4 for around 10 weeks now, a far longer release cycle than we usually make, but forced upon us due to the uncovered protocol exploits and the attacks based upon them. To make up for this, 1.5 will be a much shorter cycle of around 4 weeks.

    Core Strength

  • Onwards

    It's been a hectic few weeks for Ethereum and for Parity’s dev team. Some rather irresponsible individual found a flaw in the Ethereum protocol; notably several of the EVM’s operations were underpriced by around 100x. This meant they were able to construct transactions which cost relatively little to place on the blockchain but which ate up an awful lot of resources. The outcome of this was to cause most implementations to crash on block number 2,283,416. Just two months ago this would have been a cataclysmic event that would have stopped the network in

  • Announcing Parity 1.3

    Another 7 weeks pass and I'm happy to announce a shiny new release of Parity! It has been a busy time for us (and the community as a whole!) with various events happening and vying for our time. Aside from ad-hoc protocol alterations, we've been working hard on a number of features and the 1.3 "Acuity" release includes some of the first tasters of these, not to mention some of the incremental improvements and fixes some of which have already been released in the (now stable!) 1.2 series.

  • Warning http://www.ethcore.info is hosting malware

    We have been informed of a website attempting to trick users into downloading a malware infected version of the Parity client.

    We, Ethcore (ethcore.io), are NOT AFFILIATED WITH "www.ethcore.info". www.ethcore.info and was registered with the intention of scamming visitors.

    As always make sure you examine the security certificate of any site you download software from and be extra vigilant when using Ethereum to keep your antivirus software up to date.

    The real Ethcore website has a security certificate:

    Valid Certificate

  • Parity 1.2.2 released - Hard fork enabled

    Get the latest Parity here.

    The latest version of Parity has just been released - this build includes modification for the hard fork, improved performance when syncing and other bug fixes.

    If you wish to run Parity without the hard fork you must use the flag: --chain=homestead-dogmatic until after the hard fork has been resolved.

    How to use Parity with the Ethereum Wallet

    Click here for a video tutorial for running parity on windows

  • In support of a hard fork

    An opinion of Ethcore

    A shared experience of disbelief flooded through the Ethereum community a few weeks ago - not because hacks are unheard of - but because the sheer scale of this theft seemed to be mind-boggling. Slock.it’s DAO was being drained at around a million dollars a minute and it seemed like the entire contents of the DAO would soon be in the hands of a single malicious individual or group.

  • The DOS vector and the Soft Fork for Miners

    Griefing the network

    Recent blog posts have highlighted a previously noted issue with the type of transaction-blocking that the soft fork uses to freeze access to the DAO's funds. Namely that any transaction which results in a call being made to the DAO shouldn’t be included in a block.

  • Condition-Oriented Programming

    Condition-Orientated Programming

    Condition-Orientated Programming (COP) is a hybrid approach between functional and imperative programming. Done properly it is a tool in your arsenal for writing safe, secure contracts. It helps make your contract code comprehensively auditable and - loosely speaking - informally provable to have correct run-time operation.

    COP is not language specific; it is more of a loose methodology than particular syntax. However, with its function modifiers and events, it is particularly well-suited to the Solidity language.

    Simply put, COP has just one main aim:

  • Announcing Parity 1.2

    It has been longer than expected in the coming, but I'm happy to announce at long last the third major release of Parity, codenamed "Security". This release is the culmination of 8 weeks of hard work including three Ethcore development retreats and has seen more people involved in Parity development then ever before.

    The major additions for the Security milestone are:

    • Windows build.
    • IPC/RPC support.
    • Signing UI.
    • Dapp-hosting.
    • Optimised mining support.
    • Transaction-tracing support.
    • DAO soft-fork support.
  • How we find common ground and settle our differences.

    To look at Ethereum social media today you might think that we had somehow been invaded by some obscure political subreddit. Words like ‘principles’, ‘ideologies’, and ‘zealotry’ are being thrown around. It has been somewhat different from the collegial atmosphere that we have enjoyed in the past six months; but it is an inevitable result of the situation we find ourselves in.

    There is a debate going on and it is an important one.

  • Our DAO Response

    What can be done?

    Ideally, the DAO developers will find a way to extract the stolen funds without any protocol alterations (aka "hard fork"). However, such a plan, if feasible, will take time to design, test and deploy. If not feasible, an alternative approach will have to be found, quite possibly a minor hard-fork of the core protocol. Either way we have to limit the damage being done - the fastest, most effective way of doing this is through a temporary soft-fork.

  • Attack on The DAO: What will be your response?

    Two days ago a flaw was spotted in the contract code of theDAO - specifically a recursive call issue that exists in the function withdrawRewardFor.

    https://forum.daohub.org/t/bug-discovered-in-mkr-token-contract-also-affects-thedao-would-allow-users-to-steal-rewards-from-thedao-by-calling-recursively/4947/7

    At the time, it was thought that this was an annoying bug that meant the reward functionality that would be needed in the long term would not work properly and would require an upgrade to allow Dao Token Holders to get rewards from their investments.

  • Parity: Stepping Up the Security Model 1: A modular approach to transaction signing

    A security flaw in Geth / Mist has been attracting some attention recently mainly because of the size of the loss of Ether suffered by the user affected. Almost 100,000 USD was lost after he sent a transaction to theDAO using a Geth client whose settings had been changed from the default.

  • Announcing Parity 1.1

    A short 6 weeks since Parity 1.0, I'm happy to announce Parity 1.1, codename Alacrity. This is a mid-term release (we're half-way to 1.2 Civility) with mostly "under-the-hood" improvements and optimisations since 1.0.

    Our main features for Alacrity are:

    • New JSONRPC APIs for tracking, tracing and inspecting all message-calls and balance transfers, including those that happen as "internal transactions";
  • Parity 1.0 is here!

    So it has been around 7 weeks since the 0.9 prerelease of Parity, which demonstrated the fastest and lightest fully compliant Ethereum block processing engine available. Now, about a week after expected, I'm happy to announce the immediate availability of Parity 1.0 (perhaps a little surprising given the quality of the snow here on the current Parity team retreat).

    As the name suggests, this release is mainly about matching the common features of existing clients. As such it brings all requisite functionality to run a functional Ethereum Homestead node, in particular:

  • Performance Analysis

    So with the latest benchmarks (available to see at parity.io), it's clear Parity has head and shoulders the fastest and lightest Ethereum block processing engine amongst the available clients. But aside from the big numbers, it's nice to understand a bit deeper about what's going on underneath.

    This is a quick dive into the differences between Parity and the currently most popular client on the Ethereum network, Geth. I haven't yet done similar stuff for EthereumJ or Eth, though I expect that might be fun, too.