
Parity wallet critical vulnerability. $32M (153k $ETH) Stolen - andreygrehov
https://twitter.com/cryptoreach/status/887756542514049024
======
jamespitts
Some helpful information about this issue:

\- The vulnerability is in Parity's "enhanced" multi-sig contract

\- This affects Parity 1.5 and later

\- Parity 1.5 was released on January 19, 2017 (have you created any multi-
sigs in Parity since then?)

\- The canonical multi-sig contract used in Mist / Ethereum Wallet does NOT
have this vulnerability

------
notlambda
After seeing how many contracts get hacked I wonder why ethereum doesn't
implement a way to patch them. I know the blockchain is immutable but they
could publish a diff and allow developers to patch bugs before it's too late

~~~
sna1l
Not familiar with this too much, but what would stop developers from patching
the contract all the time?

~~~
notlambda
Maybe define who can patch the contract at time of creation. In many cases you
are already trusting the developer not to suicide the contract and run away
with the money so I don't see how that would change things.

~~~
jnwatson
The point of all this automated contract enforcement is so that you don't have
to trust the counterparty to abide by the terms.

If you trust the counterparty enough to allow the entity to change the terms
of the contract, why use Ethereum?

