Simple mistake leads to 30M+ USD theft

A simple bug in the multisig wallet contract deployed by the Ethereum wallet Parity just netted an attacker over 30M USD (153k ETH).

How was this possible?

The contract used for the multisig wallet was missing a very simple check: do not allow anyone to call the function initWallet if it has already been called.

These are the relevant parts of the Solidity code:

It is important to remember that functions in Solidity are by default public and can be called from any address with arguments set by the sender.

As you can see, there are no checks to prevent an attacker from calling initWallet and re-assigning the owner addresses of the contract… And that is exactly what happened.

After changing the owner of the contract, the attacker controlled the wallet and could send over 153k ETH, with a current value of over 30M USD, from three large wallets to another address.

The fix to the contract was really simple: setting initMultiowned and initDaylimit to internal (this prevents them from being called from external sources) and protecting initWallet with a new modifier, “only_uninitialized”.

Relevant code after the security fix:
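A simplified sketch of the pattern described above, added here as an illustration and not taken from the Parity contract: the unguarded initializer next to the form with internal helpers and an only_uninitialized guard. The contract names, the state variables (owners, required, dailyLimit) and the extra argument checks are assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustration only; NOT the Parity wallet source.
// Contract and state-variable names are assumptions for this sketch.
contract VulnerableWallet {
    address[] public owners;
    uint256 public required;
    uint256 public dailyLimit;

    // BUG: callable by any address and with no "already initialized" check,
    // so a later call simply overwrites the owner set.
    function initWallet(address[] memory _owners, uint256 _required, uint256 _daylimit) public {
        initMultiowned(_owners, _required);
        initDaylimit(_daylimit);
    }

    // BUG: the helpers are externally reachable too, so each is another way in.
    function initMultiowned(address[] memory _owners, uint256 _required) public { owners = _owners; required = _required; }
    function initDaylimit(uint256 _limit) public { dailyLimit = _limit; }
}

contract HardenedWallet {
    address[] public owners;
    uint256 public required;
    uint256 public dailyLimit;

    // Reverts as soon as an owner set exists, making initialization one-shot.
    modifier only_uninitialized() {
        require(owners.length == 0, "already initialized");
        _;
    }

    function initWallet(address[] memory _owners, uint256 _required, uint256 _daylimit)
        public only_uninitialized
    {
        // Added in this sketch: an empty owner list would leave the guard open.
        require(_owners.length > 0, "no owners");
        require(_required > 0 && _required <= _owners.length, "bad threshold");
        initMultiowned(_owners, _required);
        initDaylimit(_daylimit);
    }

    // internal: reachable only from inside the contract, never by an outside caller.
    function initMultiowned(address[] memory _owners, uint256 _required) internal { owners = _owners; required = _required; }
    function initDaylimit(uint256 _limit) internal { dailyLimit = _limit; }
}
```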

Looking at the original contract code, this exploit seems very obvious. How come it survived in the wild for over six months before being exploited?

ALWAYS think like an attacker when writing code!