Parity has admitted that it was planning to take steps that would have averted the freezing of over 500,000 Ether, but that it failed to do so in time because it did not realize the urgency of the problem.
Parity, the company that made headlines when an anonymous user took ownership of and suicided the EDCC that served as a library contract in some of its wallets, effectively freezing some 513,774.16 Ether belonging to 573 users, has analyzed the incident in a November 15 post-mortem.
According to the report, Parity could have averted the freeze if it had been faster to follow a suggestion by a GitHub user who proposed that the next time the company revised the code of the library contract (by copying the existing code, modifying it, and deploying the contract anew), it should call the initWallet function, which would have prevented any non-company actor from obtaining ownership of the contract. Parity’s statement says it incorporated the function in the contract’s constructor, meaning that an owner would have been automatically assigned when the library contract was redeployed. However, because the company considered the fix a “convenience enhancement,” it delayed its implementation, bundling it with “a regular update” that would be rolled out “at a future point in time.” In fact, because the library contract is architected to deploy only once, Parity could have called the initWallet function at any time, not just after the implementation of an update, and it would have removed the vulnerability that allowed the freeze to occur. Furthermore, by applying the code changes suggested by an unaffiliated developer who started the above-mentioned GitHub thread by proposing a different set of modifications to the contract, the company could have avoided its current predicament.
Parity says that while the “original ‘Foundation’ multi-sig wallet code … continues to have no known security issues,” the library contract, built by modifying a copy of that code, “still contained the original self-destruct function that is designed for retiring the wallet” and, like the wallet from which it was cloned, “required initialization.” Therefore, the company admits, it could have also precluded the freeze by eliminating the ability to suicide from the library contract.
Looking ahead, the post said,
“However, rather than just having more audits, we strongly believe that more extensive and formal procedures and tooling around the deployment, monitoring and testing of contracts will be needed to achieve security. We believe that the entire ecosytem [sic] as a whole is in urgent need of such procedures and tooling to prevent similar issues from happening again, in particular if and when the number and complexity of live contracts grows.”
The Parity team, according to the post-mortem, is “working hard on several Ethereum improvement proposals” (EIPs). According to a November 13 announcement, this includes EIP156, which was originally proposed by Ethereum creator Vitalik Buterin. ETHNews previously reported that the Ethereum Foundation’s head of security, Martin Swende, suggested modifications to EIP156 in the wake of the freeze. The post-mortem states that “Parity Technologies will handle much of the development work around these proposals and work constructively with the Ethereum Foundation team and the community towards further protocol layer development.” Swende had previously told ETHNews that he hopes “the discussion [around how to proceed] can be carried forward without the foundation acting as a central authority.”
Parity concluded its post-mortem with a list of additional steps that it is taking in response to the suiciding of the library contract. First and foremost among these is freezing “the ability to deploy multi-sig wallets until … we can be confident this will not happen again.” Parity will also commission a “full-stack external security audit of all existing sensitive code” to identify any existing vulnerabilities and will ensure that moving forward, “all necessary contract deployments are adequately linked to [a] code alteration and review process,” one that is expected to involve a “checklist for deployment.” Additionally, the firm will support research on “other smart contract languages and tooling,” and “extend [its] bug bounty program.”