THMART CONTRACTH: faggot becomes owner of contract he doesn't own, kills $150MM
Date: December 13th, 2017 9:35 AM Author: Tripping at-the-ready sex offender
Yesterday, a user by the name of devops199 and self-declared “ETH newbie” attempted to trigger kill() functions in random Ethereum smart contracts to see what might happen (presumably for “a bit of a laugh”). You don’t need to be a Solidity developer to get an idea of what the kill() function might do to the funds stored inside such a contract. Of course calling a kill() function would typically have no effect; this function can only be executed by the contract owner. The problem, as devops199 put it, was that for one contract in particular, he was able to make himself the owner and therefore capable of calling the kill() function. The smart contract that was successfully killed happened to be one that was used to operate multi-signature wallets (a wallet that requires multiple signatories for transactions to be sent) and developed by a company called Parity Technologies. Those who have followed Ethereum for some months may also recognize this name from a similar exploit discovered earlier this year which led to the loss of $30M.
There were dozens of multi-sig Ethereum wallets that used this vulnerable smart contract, many of which were used to store funds that were raised through an ICO. Several of these wallets contained hundreds of thousands or tens of millions of dollars worth of Ether. This wallet for example, held $34M at the time of writing – a figure that has been effectively frozen for eternity (caveat below).
In total, the estimated amount of funds lost is in excess of $150M. Unlike in the previous Parity exploit, or the DAO attack from last year, rather than a malicious actor being rewarded, the funds have simply been lost.
https://ethereumprice.org/millions-dollars-frozen-ethereum-smart-contract/
(http://www.autoadmit.com/thread.php?thread_id=3827363&forum_id=2#34907415)