

sgolson@trilobyte.com
Date: Thu, 9 Nov 2017 16:23:53 -0500

https://paritytech.io/blog/security-alert.html

Following the fix for the original multi-sig vulnerability that had been exploited on 19th of July (function visibility), a new version of the Parity
Wallet library contract was deployed on 20th of July. Unfortunately, that code contained another vulnerability which was undiscovered at the time.

And a newbie developer "accidentally" tripped over that vulnerability, and erased *other* people's wallets.

More here:

https://cointelegraph.com/news/accidentally-killed-it-parity-grapples-with-280-mln-locked-eth

https://motherboard.vice.com/en_us/article/ywbqmg/parity-multi-signature-wallet-vulnerability-300-million-hard-fork

From that last link:

When I reached devops199 [the newbie developer] for comment on the
incident, they replied, "Sorry! I'm really afraid now can't talk."

RISK 1: Are you sure that patch you are in a hurry to release doesn't
contain some new flaw?

RISK 2: New technology has all sorts of unexpected failure modes.

