There are many valuable lessons to be learned from the recent Parity multisignature bug. It is unacceptable that so many wallets have had funds frozen without a viable solution to undo the damage. More specifically, this issue has persisted for quite some time now, and it seems things are not necessarily improving. As the ARToken team points out, there are some things that will need to change to prevent history from repeating itself.
Ethereum Still Has a Lot of Issues
It is always easy to point the finger at the Parity team for their mistakes. While they are the sole party to blame for not fixing the exploit in time and postponing the fix for no good reason, the technology they have to work with is not without its flaws either. As much as most people would like to think otherwise, the Ethereum protocol and its technological features are a major security risk. Without proper coding and auditing, no money will ever be safe. Criminals know there are weaknesses and they will continue to exploit them for as long as they can.
It is evident that code audits in the cryptocurrency world are very rare. That is surprising, especially when it comes to so-called trustless solutions. “Code is law” is an interesting motto to live by, but it is still code developed by human developers. For all intents and purposes, no coder is bulletproof or unbiased; that is simply a fact. We need proper independent audits of all written code to make things improve rather than deteriorate. Taking responsibility for what is happening needs to become the new normal, instead of writing it off as “their problem, not mine”.
While a loss of US$30 million may seem like a drop in the bucket – after all, the Ethereum price is pumping hard – it is not something that should go by without repercussions either. Smart contracts, which are often seen as the cornerstone of everything Ethereum has to offer, are simply not secure. They weren’t on day one and they still aren’t today. While everything may seem in order most of the time, the Parity multisignature bug shows how easy it can sometimes be to manipulate these contracts for financial gain or just to annoy others.
Sadly, there has been no independent audit of the relevant smart contract so far. That’s very concerning, as it demonstrates the team isn’t eager to take proper responsibility for the bug. This degree of irresponsibility will hinder the growth of Ethereum in the long run. It appears a lot of people have forgotten this is not the first time Parity has made a mess of things. It was successfully attacked five months ago as a result of another major smart contract bug.
We are not just pointing the finger at Parity, though. It’s also up to the original Ethereum developers to step up and push for more code audits. Vitalik Buterin distanced himself from the Parity issue by stating that he “won’t comment on wallet issues”. However, he also mentioned that he is a big supporter of those working hard on “auditing and formally verifying security of existing ones.” That’s a noble statement, but the real message has mostly fallen on deaf ears so far.
All of this goes to show Ethereum is not in the good place many people think it is. There are a lot of fundamental issues which will need to be addressed, yet no one is taking the initiative to do so. It is a powder keg waiting to explode at this point, and things only seem to be getting worse. How all of this will play out in the long run remains to be determined. Diehard Ethereum supporters – or fanboys – will gladly tell people to ignore this FUD and look at the technology itself. Unfortunately, that technology is not as secure or as future-proof as they might want to believe.