Use the real (PoW) Blockchain, and this stuff would not happen …
“The least evil.”
That’s how one ethereum user described the latest effort to recover $264 million in cryptocurrency lost due to a code fault in a popular ethereum wallet. But while the recovery efforts that have proliferated since the November incident have so far been shunned, a new effort, now documented in code, aims for a simpler and less invasive way to implement the fix.
Stepping back, in November, the code library associated with U.K. startup Parity’s multi-sig wallet was deleted by a pseudonymous hacker who “accidentally” exploited a function called “self-destruct.” In the fallout, Parity proposed a modification to the ethereum software whereby the self-destruct mechanism would lose its functionality, but the proposal was found to contain significant security risks.
This new proposal, published on April 15 by Parity Technologies communications officer Afri Schoeden, suggests simply restoring the lost wallet library with a version of the code that does not contain a self-destruct function.
Users would be able to regain access to their funds, and on top of that, the new code would protect Parity from similar exploits going forward. As such, the new proposal sends a clear message – when it comes to fund recovery, some developers have no intention of giving up the fight.
“I think simply recovering funds is both more technically sound and more honest than the original proposal to modify the self-destruct opcode,” ethereum core developer Nick Johnson told CoinDesk.
And a number of others agree.
Co-founder of ethereum prediction protocol Augur, Joey Krug, told CoinDesk:
“I do believe it doesn’t make sense to just have all this capital senselessly locked up.”
What seems to be different about this proposal is its limited reach.
Not only is it focused solely on the Parity software client, but it’s also targeted specifically at the 513,774.16 ether lost in the November hack. (This contrasts with past proposals, which have aimed at fund recovery broadly.)
“Speaking personally, I’m in favor of helping people recover lost funds if the cost to do so is low relative to the funds being recovered, the owner is unambiguous, and the funds are definitively locked up,” Johnson said. “I think the case with the Parity multi-sig bug fits all three criteria.”
The other thing EIP-999 seems to have going for it is that it’s simple to execute. Instead of trying to rework the whole ethereum virtual machine, the proposal would be released to Parity software clients only by way of a hard fork upgrade.
Schoeden emphasized this ease of implementation, pointing to the pull request he already submitted to Parity’s code base.
And Krug, like others, believes this request might actually see enough community support to finally put an end to the Parity fund recovery debate.
For some, including Krug, however, the balance between protecting ethereum users and encouraging good security practices should be taken into account when deciding whether recoveries should happen.
“In my opinion, proposals like these should be accepted provided the code was actually audited,” Krug said, adding:
“If it wasn’t, the community should be less forgiving.”
But with the broader debate over the recovery of funds due to code vulnerabilities splitting the community for years, some aren’t so sure even EIP-999 will settle the mess.
“Allowing case-by-case proposals for mistake reversals is a terrible idea and opens up all kinds of concerns. This would set a terrible and dangerous precedent,” one user wrote on an ethereum forum.
This sentiment seems to be the current majority on social media and GitHub, where many are worried about future corruption and bribery.
Indeed, a Reddit user warned, “Some unknown amount of developer mindshare will leave ethereum if this happens.”
Wrapping up what he sees as the sentiment among the community, Johnson told CoinDesk, “It seems plain to me based on an informal survey that a large proportion of the community is opposed to the idea. I think it’s unlikely this proposal will be implemented.”
Yet, the debates have brought about some sort of silver lining.
After EIP editor Yoichi Hirai stepped down from his role as a result of an eruption of criticism over the frozen fund recovery efforts, the EIP process was streamlined.
Still, Schoeden is aggravated by the opposition, telling CoinDesk:
“Even though I hear the feedback and apply changes to the new proposal, I get the feeling we’re running in circles here.”
UPDATE 24 APR 2018
Ethereum Proposal To “Resurrect” Disabled $360 Mln Parity Contract Shut Down
A week-long vote on a proposal regarding the Parity hack wallet reversal, which proposed to restore a disabled contract to unfreeze 587 wallets holding 513,774.16 Ethereum (ETH), has ended with a majority “no” vote today, April 24.
In November of last year, a Parity user “accidentally killed” the Parity multisig library by activating a vulnerability to become the owner of the library, and then self-destructing it. Prior to that, the library had been “fixed and re-deployed” with the vulnerability after Parity was hacked for around 150,000 ETH in July 2017.
In response to the accidental freezing of the ETH funds, Parity wrote in a blog post that they are working on Ethereum Improvement Proposals (EIP) that could propose ways to unblock the funds.
EIP-999, presented on April 4 and written in regard to the frozen ETH, “suggests restoring the WalletLibrary by a patched version to allow the owners of the dependent multi-signature wallets regain access to their assets.” EIP-999 received 330 “no” votes, 300 “yes” votes, and 9 “don’t care.”
Voting was a “coin vote,” which in this case allowed those with the dead, affected wallets to vote with the ETH in those wallets just by signing the message, according to a Reddit post by user x_ETHeREAL_x. Before the vote was over, x_ETHeREAL_x posted that “the reason “yes” is winning has nothing to do with community sentiment.”
“It is Parity, the original ethereum foundation members now part of parity, and even their own self-destructed wallet voting. Do not be fooled — this has nothing to do with “community” sentiment!”
The debate over whether to return lost or stolen funds to users versus maintaining the immutability of the Blockchain has been around since the DAO hack of around $60 mln in June of 2016.
The subsequent fork to restore users’ money led to the split-off of Ethereum Classic, which kept the money with the hackers, by crypto enthusiasts who believed a fork shouldn’t be used to return funds in any case.