anyone can kill your contract

[ghost]

I accidentally killed it.

https://etherscan.io/address/0x863df6bfa4469f3ead0be8f9f2aae51c91a907b4

[jtakalai]

Hmmh, clearly the kill came from registered owner, and required signatures was 0, see initWallet transaction arguments https://etherscan.io/tx/0x05f71e1b2cb4f03e547739db15d080fd30c989eda04d37ce6264c5686e0722c9

[ghost]

Will it effect the dependent multisig wallets? When i query " isowner(<any_addr>)" the multisig wallets returns TRUE.

[ghost]

Hello, first of all i'm not the owner of that contract. I was able to make myself the owner of that contract because its uninitialized.

These (https://pastebin.com/ejakDR1f) multi_sig wallets deployed using Parity were using the library located at "0x863df6bfa4469f3ead0be8f9f2aae51c91a907b4" address. I made myself the owner of "0x863df6bfa4469f3ead0be8f9f2aae51c91a907b4" contract and killed it and now when i query the dependent contracts "isowner(<any_addr>)" they all return TRUE because the delegate call made to a died contract.

I believe some one might exploit.

[hlogeon]

Hello! We've clashed this problem! Thanks Parity for the great contract again ;)
Any ideas on how can we get our ETH and tokens back from hacked multisig?
I think that we can get ETH back just by killing contract itself but what about tokens?

[hlogeon]

For those Parity guys who doesn't believe that this exploit works - check out your library which were used by multiple multisigs: https://etherscan.io/address/0x863df6bfa4469f3ead0be8f9f2aae51c91a907b4#code

[hlogeon]

It looks like kill will not work on the contract itself if the library was killed. Nice job, Parity

[ghost]

@hlogeon 1. Why kill won't work?
2. Will ether transfer by owners work?

[hlogeon]

@devops199
Because there is onlymanyowners modifier. Which I think refers library. I didin't check why it's not working but the result of calling kill by 3 owners with the same arguments is just nothing.

[noxonsu]

"pragma solidity ^0.4.9;" released on 31 Jan

[hlogeon]

"pragma solidity ^0.4.9;" released on 31 Jan

How does it solves problem?

[tomusdrw]

Please read the details of the issue here: https://paritytech.io/blog/security-alert.html

We are analysing the situation and will release an update with further details shortly.

[5chdn]

The library is removed from the registry and all current Parity Wallet versions default to the WHG multi-signature wallets.

[RafaelCosman]

Thought I'd post some resources to help people that come across this thread:

In historical order:

1. Original Security Alert
2. Parity Technologies Multi-Sig Wallet Issue Update
3. A Postmortem on the Parity Multi-Sig Library Self-Destruct
4. On Classes of Stuck Ether and Potential Solutions

[bernardpeh]

How come the last 2 links no longer work?

[kirushik]

@bernardpeh Our bad, blog engine update ruined some of the links. Thanks for reporting.
I took a liberty to fix the links in the comment — it will do as a stopgap measure, but we'll definitely fix the underlying cause as well.

[wongwf82]

FYI, the transaction that was submitted here:
https://etherscan.io/tx/0x05f71e1b2cb4f03e547739db15d080fd30c989eda04d37ce6264c5686e0722c9

The transaction Successfully completed here:
https://etherscan.io/tx/0x47f7cff7a5e671884629c93b368cb18f58a993f4b19c2a53a8662e3f1482f690