Shaurya Malwa · 6 mins ago · 2 min read
News › Ethereum › Technology
Parity admits to “critical” vulnerability in testnet that could corrupt Ethereum
Alert: Please update your Parity Ethereum clients to 1.11.3-beta or 1.10.6-stable asap. https://t.co/QNxzv74kSF
— Parity Technologies (@ParityTech) June 6, 2018
Reported in a security alert, UK-based Parity Technologies described a “potential consensus-related issue” on its Ropsten testnet:
“In the worst case, submitting a certain malformed transaction (coming from a 0xfff…fff address) to a mining Parity Ethereum node could have caused that node to produce a malformed block, which would still be treated as valid by other affected Parity Ethereum nodes.”
If the error remained unnoticed, users of the Parity Ethereum client would fall out of sync with the wider network — leading to rejected transactions and a chain split. According to the public record of Parity-based Ethereum nodes, this failure would affect nearly a third of the entire Ethereum network.
Now, all users must update to an amended version of the third-party Ethereum client — or they risk corrupting the Ethereum mainnet. Parity appealed to any entity using its software:
“Please update your nodes as soon as possible and then double check that you are running version 1.10.6-stable or 1.11.3-beta.”
Parity Under Fire Once Again
This is not the first time Parity admitted a critical failure. In 2017, the company’s MultiSig Wallet software recorded several multi-million dollar losses.
In the wake of a July 2017 hack for 150,000 ETH, the firm again caused “considerable stress and confusion” when it “accidentally” locked up users’ funds worth over $300 million.
The full statement and update can be found on our website https://t.co/dBfLnrYIMB. If you would like to check if your wallet has been affected pls visit: https://t.co/kmQjKKuZRI pic.twitter.com/NZbAFpcbWj
— Parity Technologies (@ParityTech) November 8, 2017
Although Parity expressed deep remorse for the latter error, the failure seemingly could have been avoided. In a confession titled a “Postmortem,” Parity admitted to neglecting a warning of the vulnerability in August — nearly three months before the “MultiSig Library Self-Destruct”:
“In August, a Github contributor called “3esmit” recommended a code change that initWallet should be called when being deployed which at the time was considered a convenience enhancement.”
Parity’s latest blunder is now remedied. However, one may wonder how many misgivings users can tolerate before losing faith. As institutions and individuals are seduced with faster, more robust blockchains, the Ethereum Foundation may begin eliminating the weak links.
Get an edge on the cryptoasset market
Access more crypto insights and context in every article as a paid member of CryptoSlate Edge.
Join now for $19/month Explore all benefits