
Date: Thu, 9 Nov 2017 16:23:53 -0500


Following the fix for the original multi-sig vulnerability that had been exploited on 19th of July (function visibility), a new version of the Parity
Wallet library contract was deployed on 20th of July. Unfortunately, that code contained another vulnerability which was undiscovered at the time.

And a newbie developer "accidentally" tripped over that vulnerability, and erased *other* people's wallets.

More here:



From that last link:

When I reached devops199 [the newbie developer] for comment on the
incident, they replied, "Sorry! I'm really afraid now can't talk."

RISK 1: Are you sure that patch you are in a hurry to release doesn't
contain some new flaw?

RISK 2: New technology has all sorts of unexpected failure modes.
