Back to blog

Security Update

A quick update on the status of Parity Ethereum client.

Bug Bounty

There is now a significant amount in our bug bounty programme (many thanks to all contributors). As mentioned in a previous post, critical security bugs in the latest versions of Parity, both beta and stable branches, are valid targets for bounty-collecting reports. The multi-sig wallet, in particular, should be considered a prime target for review and any significant bug will attract a large proportion of the bounty. Any bugs found should be reported to [email protected]

Multi-sig Wallet

Several minor changes have been made to the Parity multi-sig, mainly to enable compilation by later versions of Solidity. We understand the "white hat group" is using this code to return some of the funds they temporarily commandeered. After code reviews by many of our developers, there are no known issues. The bug bounty programme is active and we have so far had no issues reported.

Please Upgrade!

Though we try to be as thorough as a bleeding-edge software project can be, bugs sometimes creep into our codebase and, as recent events show, left unchecked these can have significant impacts in the wild. Older versions of Parity can have known bugs (generally mentioned in the release notes): if you are using Parity for anything of any significant value please do ensure that you are running the latest version to minimise the chances of any problems and establish procedures according to the value as risk.

Read more

  • On Classes of Stuck Ether and Potential Solutions

    A Brief History

    Since Ethereum went live two and a half years ago, users and developers have often struggled with the usability and building on this new ‘Frontier’ of development.

    The issues began almost immediately as the first users of Ethereum had to grapple with a command line interface that was extremely unforgiving of mistakes.

  • A Postmortem on the Parity Multi-Sig Library Self-Destruct

    On Monday November 6th 2017 02:33:47 PM UTC, a vulnerability in the “library” smart contract code, deployed as a shared component of all Parity multi-sig wallets deployed after July 20th 2017, was found by an anonymous user. The user decided to exploit this vulnerability and made himself the “owner” of the library contract. Subsequently, the user destructed this component.

  • Parity Technologies Multi-Sig Wallet Issue Update

    This week, as has been widely reported, a vulnerability in the Parity Wallet library contract of the standard multi-sig contract was found by an anonymous user. This user managed to gain access to the smart contract, effectively making themselves the owner of the contract.

Back to blog