
Parity MultiSig Wallet Delegatecall

ID: 1
Submit date: 10.26.2018
Publish date: 10.26.2018
Author: devops199
Score: 10.0

Description

It is possible to send calls to the WalletLibrary contract itself. Specifically, the WalletLibrary contract could be initialised and become owned. A user did this by calling the initWallet() function directly on the WalletLibrary contract, becoming an owner of the library contract. The same user subsequently called the kill() function. Because the user was an owner of the library contract, the ownership modifier passed and the library contract self-destructed. As all Wallet contracts in existence refer to this library contract and contain no method to change this reference, all of their functionality, including the ability to withdraw ether, was lost along with the WalletLibrary contract. More directly, all ether in all Parity multi-sig wallets of this type was instantly lost and is permanently unrecoverable.

Vector: BVSS:1.1/B:L/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H/CI:N/II:H/AI:H
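The following Solidity is an added illustration of the pattern described above and is not Parity's source code; contract and function names (VulnerableWalletLibrary, HardenedWalletLibrary, Wallet, the immutable `self`, the `onlyDelegateCall` modifier) are assumptions made for this example. The vulnerable library's initialiser works on whichever storage it runs in, so a direct call claims the library's own storage, after which kill() removes the code every wallet delegates to. The hardened version marks the library initialised in its constructor (which never runs under delegatecall) and rejects any call where address(this) equals the library's own address.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// --- Vulnerable pattern (modelled on the description above, not Parity's source) ---
// The shared library is an ordinary contract. Its initialiser was meant to run only
// through delegatecall from a wallet, but a direct call writes to the library's own
// storage, and nothing marks the library itself as already initialised.
contract VulnerableWalletLibrary {
    mapping(address => bool) public isOwner;
    uint256 public numOwners;

    function initWallet(address[] calldata _owners) external {
        require(numOwners == 0, "already initialised"); // also true for the bare library
        for (uint256 i = 0; i < _owners.length; i++) {
            isOwner[_owners[i]] = true;
        }
        numOwners = _owners.length;
    }

    function kill(address payable to) external {
        require(isOwner[msg.sender], "not an owner");
        selfdestruct(to); // called on the library itself, this removes the code every wallet depends on
    }
}

// Wallet that forwards everything to a library address it cannot change (hypothetical proxy).
contract Wallet {
    address public immutable library_;

    constructor(address lib, address[] memory _owners) {
        library_ = lib;
        (bool ok, ) = lib.delegatecall(abi.encodeWithSignature("initWallet(address[])", _owners));
        require(ok, "init failed");
    }

    receive() external payable {}

    fallback() external payable {
        (bool ok, bytes memory ret) = library_.delegatecall(msg.data);
        if (!ok) {
            assembly { revert(add(ret, 32), mload(ret)) }
        }
        assembly { return(add(ret, 32), mload(ret)) }
    }
}

// --- Hardened pattern (added example) ---
contract HardenedWalletLibrary {
    mapping(address => bool) public isOwner;
    uint256 public numOwners;
    bool public initialised;

    // `immutable` values are embedded in the bytecode, so `self` is the library's
    // address even when this code executes under delegatecall in a wallet's storage.
    address private immutable self;

    // The constructor runs only in the library's own storage (never on delegatecall),
    // so the library is deployed already initialised and can never be claimed directly.
    constructor() {
        self = address(this);
        initialised = true;
    }

    modifier onlyUninitialised() {
        require(!initialised, "already initialised");
        _;
    }

    // Rejects direct calls: under delegatecall, address(this) is the wallet, not the library.
    modifier onlyDelegateCall() {
        require(address(this) != self, "direct call to library");
        _;
    }

    function initWallet(address[] calldata _owners) external onlyDelegateCall onlyUninitialised {
        for (uint256 i = 0; i < _owners.length; i++) {
            isOwner[_owners[i]] = true;
        }
        numOwners = _owners.length;
        initialised = true;
    }

    function kill(address payable to) external onlyDelegateCall {
        require(isOwner[msg.sender], "not an owner");
        selfdestruct(to); // now only ever destroys the calling wallet, never the shared library
    }
}
```

The Wallet proxy above works unchanged with either library, since both keep the same storage layout in slots 0 and 1; the hardened library adds its `initialised` flag in slot 2. Either guard alone would have blocked the sequence in the description: the constructor flag stops initWallet() from ever succeeding on the library's own storage, and the address check stops kill() from ever executing there.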

Component

Smart contract

Platform

Ethereum

Subclass

Delegatecall

Original source

https://etherscan.io/address/0x863df6bfa4469f3ead0be8f9f2aae51c91a907b4#code
