
A Postmortem on the Parity Multi-Sig Library Self-Destruct - chuckus
https://paritytech.io/blog/security-is-a-process-a-postmortem-on-the-parity-multi-sig-library-self-destruct.html
======
detaro
The juicy bit:

 _In August, a GitHub contributor called “3esmit” recommended a code change
that initWallet should be called when being deployed which at the time was
considered a convenience enhancement. Thus, we committed this proposed
enhancement to the library contract that would automatically initialize it by
calling initWallet on construction. Interpreting the recommendation as
enhancement, the changed code was to be deployed in a regular update at a
future point in time._

Someone noticed and mentioned the issue in August, but it wasn't considered
critical and thus not fixed for the already deployed contract.

