Improve Ethereum Security to gain more user trust

Posted Nov 18, 2017

How a Kid Deleted $300 Million by Playing Around with a Parity Ethereum Smart Contract

Most Expensive Cryptocurrency User Mistake of All Time

Ethereum has gone through hell once more, and this time the figure is far bigger than any of the other financial losses Ethereum has suffered. Ether worth $300 million was locked out of reach in a multisig smart-contract wallet provided by Parity, a big fish among Ethereum wallet providers. I hope you feel the gravity of the situation we are talking about here. Hundreds of cryptocurrency companies banking their money in Ether with Parity lost access to their accounts because of a user mistake triggered by a bug in the Parity wallet code. Awkward, right? That is still not all of it. The sad news is that Parity had detected a bug and applied a patch for it, and the bug that exposed the wallet to the loss of $300 million was in that update. So, technically speaking, Parity tried to correct a mistake with another grave mistake.

Some people quickly started accusing the user, known only as Devops199, of intentionally locking up the stacks of money. But threads by Devops199 in the Parity GitHub repository showed that he was only exploring what he could do. So Devops199 did not steal the money; he killed a smart contract holding the signatures for the money. Devops199 had earlier warned Parity on the same platform (GitHub) that anybody could kill their smart contract. To confirm his assertion, he had to do it to prove that it could be done.

The function that lets the owners of the smart contract gain access to their wallets was completely deleted, leaving the Ether locked up and permanently useless. The user didn't understand what he had just done. He went on to ask another user whether the Ether could still be transferred by its owners. Another user replied that he had actually burnt a load of cash. Devops199 admitted that he was new to Ethereum and was just learning the cryptocurrency.

Why Doesn't Parity Just Recover the Funds?

Shortly after the mistake that deleted the smart-contract function in the Parity wallet, Parity announced a possible security loophole in its wallet which could temporarily impair transactions. Parity's security warning said:

“We regret the incident that happened to our wallet yesterday, causing a lot of stress and confusion to our wallet holders and the Ethereum community at large. We are fully aware of the situation and are exploring all possible solutions and implications of the event.”

The statement quoted above indicates that Parity was not able to immediately provide a solution to the problem. The good news is that the Ether was not deleted, but the key that would be used to access it was, rendering the Ether useless.

The most viable solution to this crisis is a hard fork of the Ethereum mainnet software, just as happened after the DAO hack, in which loads of money were stolen. Ethereum had a controversial hard fork which created Ethereum Classic; the fork, although opposed by some members of the community, helped in recovering the lost Ether. A portion of the community, who believed that the original code was law and that a law could not be changed just to favor one individual, kept using the old Ethereum software. Parity may try to convince Ethereum to go for another fork to recover the funds, but I believe Ethereum is not ready for another split within its community.

Ethereum Should Take Most of the Blame

Ethereum's smart-contract design was based on the need to allow lots of other software to be programmed and deployed on it. However, lots of vulnerabilities have been recorded from this smart-contract design. If this design is not reviewed carefully, large sums of money will still be vulnerable to losses in the future. Although the Ethereum Foundation likes bragging about its Turing-complete design choice, it forgets that this design has so far exposed over half a billion dollars' worth of ether to compromise.

The design idea allows untrusted developers to try to infiltrate the system. Consider the case of the wallet provider Parity. Parity is owned by one of the top professionals and a co-founder of Ethereum, Mr. Gavin Wood. If a developer of such caliber could not secure user funds in his wallet platform, we should all agree that there is a problem with the system, in this case the smart-contract design.

