Even simpler mistake leads to 250M+ USD in ether frozen/lost

Even simpler mistake leads to 250M+ USD in ether frozen/lost

A simple bug in the fixed version of the multisig-wallet contract deployed by the ethereum-wallet parity to fix the attack i wrote about in a previous blog-post just caused 250M+ USD in ethers to be frozen/lost.

How was this possible?

To conserve space on the blockchain the parity-team deployed a contract that other multisig-wallets could call to use functions, much like a library. The problem was that this contract had functions that was not supposed to ever be used and it also had state (a stored variable indicating who the owner of the contract was).

Logic flaw

A logic flaw led up to the point where anyone in the world could call initWallet() and set the owner. The function WAS guarded by a modifier by the name of only_uninitialized, that only permitted the initWallet() to be called if and only if the variable “owner” was uninitialized.

The live contract had this variable….can you guess?… uninitialized…

Dependency breakdown

The owner was then permitted to call kill() which would make the contract commit suicide and remove itself from the blockchain. This function should never have been present in the first time…

And then what do you think would happen to all multisig-wallets that relied on this contract for functionality? Thats right, they would not work any more!

This was just was someone (yes i’m talking about you @devops199) just did. Malicious or not, it does not really matter.

The result

250M+ USD sitting in multiple multisig-wallet-contracts unable to ever be moved again unless the rules of the ethereum blockchain are changed, a highly controversial thing to do, and something that led to the creation of split known as ethereum and ethereum classic.

Be certain of your assumptions when validating and auditing code!