Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Parity Multisig Wallet (Second Hack) - 859

Hacking Distributed - Posted 3 Years Ago
  • All Parity Multisig wallets use a single library. The wallet had a fallback function that called the WalletLibrary with the user's data. This is great for modularity, making a wallet much cheaper.
  • Here is the problem though: the WalletLibrary is itself a contract with its own state, rather than a true library. This means calls can be made to the WalletLibrary smart contract itself.
  • A "non-malicious" attacker called initWallet() on the library, which gave them ownership of the contract. The user then got scared of what had just happened and called kill(). The library was now completely nuked, making the funds impossible to recover.
  • Overall, the person who performed this felt really bad, but a bug's a bug!
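The storage-context issue in the bullets above, as an added Python model (not code from the original post or from Parity). The class names, the once-only initialization guard, the "alice"/"stranger" senders and the `init_at_deploy` mitigation are assumptions of this model.

```python
# Simplified model of contract storage contexts (constructed; not Parity's code).
class Contract:
    def __init__(self):
        self.storage, self.alive = {}, True

class WalletLibrary(Contract):
    def __init__(self, init_at_deploy=False):
        super().__init__()
        if init_at_deploy:  # mitigation: the library's own state is claimed at deployment
            self.storage["owner"] = "deployer"

    def run(self, fn, ctx, sender):
        """Run library code against ctx's storage; ctx is the library itself on a direct call."""
        if not self.alive:
            raise RuntimeError("library code no longer exists")
        if fn == "initWallet":
            if "owner" in ctx.storage:  # once-only initialization (assumed guard)
                raise PermissionError("already initialized")
            ctx.storage["owner"] = sender
            return "initialized"
        if ctx.storage.get("owner") != sender:
            raise PermissionError("not owner")
        if fn == "kill":
            ctx.alive = False  # destroys whichever contract the code is running as
            return "killed"
        return "paid"  # stands in for any owner-only wallet operation

class Wallet(Contract):
    def __init__(self, lib, owner):
        super().__init__()
        self.lib = lib
        self.fallback("initWallet", owner)

    def fallback(self, fn, sender):
        # Forward to the shared library, but keep using this wallet's storage.
        return self.lib.run(fn, ctx=self, sender=sender)

def replay(init_at_deploy):
    """Replay the sequence from the bullets; return (library alive, wallet outcome)."""
    lib = WalletLibrary(init_at_deploy)
    wallet = Wallet(lib, "alice")
    try:  # direct calls to the library contract, outside any wallet
        lib.run("initWallet", ctx=lib, sender="stranger")
        lib.run("kill", ctx=lib, sender="stranger")
    except PermissionError:
        pass
    try:
        return lib.alive, wallet.fallback("withdraw", "alice")
    except RuntimeError:
        return lib.alive, "funds frozen"
```

With the library's own state left unclaimed, `replay(False)` ends with the wallet still owned by its user but unable to run any code; with it claimed at deployment, `replay(True)` rejects the direct `initWallet` call and the wallet keeps working.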