Case of frozen Ethereum: The wallet company knew about the flaw for months but the patch was delayed

in bit •  6 years ago 


The defect that last week let a user freeze "millions of dollars" in Ether was known to the wallet company beforehand, but the patch was delayed. In a report published by the Ethereum wallet company, the firm said that it became aware of the coding defect in August, but considered it a "feature enhancement" and delayed its patch to a regular future update.

Parity knew about the critical Ethereum coding flaw for months before it was exploited

The defect enabled the user to call a function named "initWallet" and become the owner of a multi-signature wallet, after which he called the "kill" function, which destroyed it and other multi-signature wallets.

"In August, a contributor called "3 Summate" recommended a code change so that initWallet would be called on deployment, which was considered a facility enhancement at that time. This proposed change has been committed to the library contract, which will initialize automatically by calling initWallet on construction."

Devops199 is said to have carried out the kill, after which an estimated $300 million was frozen. Parity has put this figure closer to $170 million (at today's ETH rates), saying that 587 wallets were affected, holding 517,774.16 ether as well as additional tokens.
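The unguarded initWallet described above, next to a version that initializes on construction, as an added example that is not Parity's code. Only the names initWallet and kill come from the article; the contract names, the single-owner model and the removal of kill in the second contract are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Simplified illustration, NOT Parity's code: only the names initWallet and
// kill come from the article; everything else is assumed for the example.

// Before: the deployed library is left uninitialized, so the first caller of
// initWallet becomes its owner and is then allowed to call kill.
contract WalletLibraryUnguarded {
    address public owner;

    function initWallet(address _owner) public {
        owner = _owner; // no check that an owner was already set
    }

    function kill(address payable _to) public {
        require(msg.sender == owner, "not owner");
        selfdestruct(_to); // in 2017 this removed the library's code
    }
}

// After: initialization happens during construction and cannot be repeated.
contract WalletLibraryInitialized {
    address public owner;
    bool private initialized;

    constructor() {
        _initWallet(msg.sender); // initWallet runs on construction
    }

    // Called on the library itself this reverts: the constructor already ran it.
    function initWallet(address _owner) public {
        _initWallet(_owner);
    }

    function _initWallet(address _owner) private {
        require(!initialized, "already initialized");
        initialized = true;
        owner = _owner;
    }
    // No kill function: shared library code should not be destructible.
}
```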

"If you did not know what kind of review you received, like the definition of libraries, they should not have a state, and it should not be possible to disable them clearly," a user wrote on Reddit. "I know it's easy to be smart in the dark, but these are big design errors, I do not understand how it can be reviewed in the architecture phase."

“This response is concerning to say the least,” another said. “Nowhere do they accept any responsibility for the problem.”

As for what happens next, the company is still looking at alternatives or Ethereum improvement proposals "that have the ability to unblock the money". In its report, Parity also mentioned a bug bounty program. However, it is clear that the company probably needs to pay more attention to patching, given both the bug and the company's own admission that it was aware of the defect about 3 months before the exploitation.
