CryptoCoinsInfoClub.com

Ethereum Multisig Contract

Github - Bitgo/eth-multisig-v2: Multi-sig Wallet V2, Supporting Original Wallet.sol Methods With Additional Confirmandexecute Improvements To Allow For Single-transaction Signing By Multiple Owners.

Github - Bitgo/eth-multisig-v2: Multi-sig Wallet V2, Supporting Original Wallet.sol Methods With Additional Confirmandexecute Improvements To Allow For Single-transaction Signing By Multiple Owners.

Multi-Sig Wallet v2, supporting original Wallet.sol methods with additional confirmAndExecute improvements to allow for single-transaction signing by multiple owners. If nothing happens, download GitHub Desktop and try again. If nothing happens, download GitHub Desktop and try again. If nothing happens, download Xcode and try again. If nothing happens, download the GitHub extension for Visual Studio and try again. Multi-sig contract suitable for use in wallets. Some of the features of the contract (WalletSimple.sol) Functions as a 2-of-3 multisig wallet for sending transactions. Support for synchronous (single transaction) approvals containing multiple signatures through the use of ecrecover. Can deploy Forwarder contracts so that a single wallet can have multiple receive addresses. Forwarder address contracts have the ability to flush funds that were sent to the address before the contract was created. ERC20 tokens can be flushed from the forwarder wallet to the main wallet with a single signature from any signer. ERC20 tokens and ether can be sent out from the main wallet through a multisig process. Safe Mode can be set on a wallet contract that prevents ETH and ERC20 tokens from being sent anywhere other than to wallet signers A test suite is included through the use of the truffle framework, providing coverage for methods in the wallet. Continue reading >>

Unchained Capital Open-sources Multisig Ethereum Smart Contract And Dapp

Unchained Capital Open-sources Multisig Ethereum Smart Contract And Dapp

Unchained Capital Open-Sources Multisig Ethereum Smart Contract and dApp Company now offering loans to both businesses and consumers in California. March 08, 2018 09:00 AM Eastern Standard Time AUSTIN, Texas--( BUSINESS WIRE )-- Unchained Capital today announced that they have released an open-source multisig contract for Ethereum. The smart contract enables Ethereum holders and services to take part in multisig transactions safely and simply using their hardware wallets. The smart contract can easily be accessed via a hosted dApp . As part of the release, Unchained is also running a bug bounty program with potential awards up to $150,000. Unchained Capital is a new kind of financial services company that offers loans secured with Bitcoin as collateral. They are the first company to solve a fundamental problem for individuals holding a substantial quantity of cryptocurrency: how to take advantage of their cryptocurrency ownership without selling their investment. Having recently received their Finance Lender License in California, Unchained Capital is also announcing that they will immediately begin offering crypto-secured loans to both businesses and consumers in California. Unchaineds open-source smart contract implements 2-of-3 multisig and interfaces with the Trezor Wallet to make multisig accessible and simple for Ethereum coin holders. Aware of the pernicious bugs that have plagued Ethereum contracts, Unchained designed the contract to be simple, streamlined, and most importantly, secure. We believe previous efforts at Ethereum multisig failed because they regarded the expressiveness of Ethereum as an opportunity instead of as a risk, said Unchained Capital CEO, Joe Kelly. We adopted instead a simple, straightforward design to maximize security. Our Ethereum mult Continue reading >>

Someone Accidentally Locked Away $150m Worth Of Other People's Ethereum Funds

Someone Accidentally Locked Away $150m Worth Of Other People's Ethereum Funds

Someone Accidentally Locked Away $150M Worth of Other People's Ethereum Funds On Tuesday, a single user permanently locked down dozens of digital wallets containing nearly $150 million dollars worth of ether, the unit of exchange on the Ethereum platform, allegedly by accident. Now, some in the Ethereum community are considering the possibility of a risky network split, known as a "hard fork," to fix it. The affected walletsknown as "multisignature" wallets because they require multiple people to sign off before funds are moved, making them popular with companieswere all created with Parity, a popular program for digital wallets. Parity multisignature wallets experienced a bug in July that allowed a hacker to steal $32 million in funds before the Ethereum community scrambled to band together to hack back and secure the rest of the vulnerable ether. According to a blog post released by Parity on Tuesday, the code that fixed the July bug contained another vulnerability. That vulnerability allowed a user known as "devops199" on GitHub, a site for developers to collaborate on open source code, to allegedly accidentally trigger a function that turned the contract governing Parity multisignature wallets into a regular wallet address and made him or her the owner. Devops199 then killed this wallet contract, or, as Parity put it, "suicided" it. This made all multisignature wallets tied to that contract instantly useless, their funds locked away with no way to access them. If the story is true, it seems like Devops199 was jiggling door handles and when one door opened, they tried to close it and the whole house exploded. Read More: How Coders Hacked Back to 'Rescue' $208 Million in Ethereum "We are asking for everyone to be patient until the full extent of the issue has been id Continue reading >>

Chapter 2: Working With Contractwallets

Chapter 2: Working With Contractwallets

From Chapter 1 we know that Ethereum has two types of accounts: One type, which we have been referring to simply as an Account, we already are quite familiar with having created them and stored ether in them. The other type of account is the Contract Account. While an Account has a password-protected private key and an address, a Contract Account has no private key but has an address, code, and storage. Contract Wallets (or contract-based wallets) are built with Contract Accounts, utilizing the ability of Contract Accounts to hold and run code with associated persistent storage. Of course, Contract Accounts can be used to do a lot more than just create Contract Wallets. Utilizing Contract Accounts, developers are hard at work creating all kinds of fascinating Decentralized Applications (DApps) right now. How Are Contract Wallets Different From Accounts? Accounts can be used as bare stores for ether, though they can also be used to do things other than just hold ether. When they are used to hold ether, Accounts can be thought of simply as private key/address pairs. The sole function of a Contract Wallet is to manage ether, that is, receive, store and spend ether.Unlike Accounts, Contract Wallets are controlled by code, which means that it is possible to customize their behavior. And, you wont have to do any coding yourself; the Contract Wallets come with a user interface that makes it easy to simply select the type of security/convenience enhancing customization you require. Contract Wallets are controlled by code but ultimately that code also has a master, and that master is an Account with its password-protected private key. So Accounts serve two roles; as bare stores of ether in their own right, and as owners (or controllers) of feature-rich Contract Wallets. Exactly Continue reading >>

A Major Vulnerability Has Frozen Hundreds Of Millions Of Dollars Of Ethereum

A Major Vulnerability Has Frozen Hundreds Of Millions Of Dollars Of Ethereum

A major vulnerability has frozen hundreds of millions of dollars of Ethereum Google to add restaurant wait times to Google Search and Maps, followed by grocerystores Today is not a good news day for Ethereum. A vulnerability found within a popular wallet has frozen potentially hundreds of millions of dollars of the crypto currency in a second setback in recent months. Parity Technologies, the company behind widely used wallet service Parity, today disclosed an issue that could enable the contents of a wallet to be wiped. The issue affects multi-sig wallets a technology that uses the consent of multiple parties for additional security on transactions that were deployed after July 20. In other words, ICOs that were held since then may be impacted. Its a kicker because it is the second time in just a few months that a major Parity bug has been unearthed with potentially costlyrepercussions for Ethereum, which is the worlds second highest-valued crypto currency with a total market cap of over $27 billion.Back in July, a vulnerability in Parity led to 150,000 ETH (then worth around $30 million) being stolen. That bug was fixed July 19 hence the significance of the July 20 date but one positive element of that first scare is that many in the Ethereum community, and particularly those who have held ICOs, backed away from the technology in favor of alternatives. Even those who did use Parity may not have opted for the multi-sig wallet. But still it is a major security issue with wider implications.Parity explained that it found the problem when one users wallet was wiped: Following the fix for the original multi-sig issue that had been exploited on 19th of July (function visibility), a new version of the Parity Wallet library contract was deployed on 20th of July. However that Continue reading >>

Dapp-bin/wallet.sol At Master Ethereum/dapp-bin Github

Dapp-bin/wallet.sol At Master Ethereum/dapp-bin Github

// constructor - stores initial daily limit and records the present day's index. // (re)sets the daily limit. needs many of the owners to confirm. doesn't alter the amount already spent today. function setDailyLimit(uint _newLimit) onlymanyowners(sha3(msg.data)) external { // resets the amount already spent today. needs many of the owners to confirm. function resetSpentToday() onlymanyowners(sha3(msg.data)) external { // checks to see if there is at least `_value` left from the daily limit today. if there is, subtracts it and // returns true. otherwise just returns false. function underLimit(uint _value) internal onlyowner returns (bool) { // reset the spend limit if we're on a different day to last time. // Funds has arrived into the wallet (record how much). event Deposit(address _from, uint value); // Single transaction going out of the wallet (record who signed for it, how much, and to whom it's going). event SingleTransact(address owner, uint value, address to, bytes data); // Multi-sig transaction going out of the wallet (record who signed for it last, the operation hash, how much, and to whom it's going). event MultiTransact(address owner, bytes32 operation, uint value, address to, bytes data); // Confirmation still needed for a transaction. event ConfirmationNeeded(bytes32 operation, address initiator, uint value, address to, bytes data); function changeOwner(address _from, address _to) external; function execute(address _to, uint _value, bytes _data) external returns (bytes32); function confirm(bytes32 _h) returns (bool); // bytes32 h = Wallet(w).from(oneOwner).execute(to, value, data); // Wallet(w).from(anotherOwner).confirm(h); contract Wallet is multisig, multiowned, daylimit { // Transaction structure to remember details of transaction lest it need be save Continue reading >>

Erc: Standard Api For Multisig Wallet Smart Contracts #763

Erc: Standard Api For Multisig Wallet Smart Contracts #763

Revoke approval from suggested transaction with given ID. Reverts if approval was not revoked from transaction, e.g. when _id is not a valid ID of pending suggested transaction, caller is not authorized to revoke approvals or called has not approved this transaction yet. 3.4. execute(uint256,address,uint256,bytes,uint256) function execute (uint256 _id, address _to, uint256 _value, bytes _data, uint256 _salt)returns (bool success) Execute suggested transaction with given ID and details. Returns true if transaction was executed successfully, false if execution failed. Reverts if transaction was not executed, e.g. when _id is not a valid ID of pending suggested transaction, transaction didn't collect enough approvals yet, transaction details do not match hash passed to suggest method or caller is not authorized to execute transactions. 3.5. reveal(uint256, address, uint256, bytes) function reveal(uint256 _id, address _to, uint256 _value, bytes _data) Reveal details of suggested transaction with given ID by logging Revelation event. Reverts if transaction details were not revealed, e.g. when _id is not a valid ID of pending suggested transaction, transaction details (assuming zero salt) do not match hash passed to suggest method or caller it not authorized to reveal transaction details. Note, that details of transactions whose hash was calculated with non-zero salt cannot be revealed. function getHash (uint256 _id) constant returns (bytes32 hash) Get hash of details of suggested transaction with given ID. Reverts if _id is not a valid ID of pending suggested transaction. function isApproved (uint256 _id) constant returns (bool approved) Tells whether suggested transaction with given ID has collected enough approvals to be executed. Reverts if _id is not a valid ID of pendi Continue reading >>

A Simple & Safe Multisig Ethereum Smart Contract For Hardwarewallets

A Simple & Safe Multisig Ethereum Smart Contract For Hardwarewallets

A simple & safe multisig Ethereum smart contract for hardwarewallets tl;dr Unchained Capital has released an open-source Ethereum smart contract implementing 2/3-multisig designed to directly interface with Trezor hardware wallets. If you have a Trezor, you can try this contract right now, for free, via our hosted dApp . Developer? Hacker? Paranoiac? Check out the source code on GitHub and review our bug bounty . In theory, cryptocurrencies can be one of the safest ways to store wealth. By safeguarding a short list of English words, anyone can protect millions of dollars in wealth and rest assured that no hacker or government can take it from them. In practice, its never so easy. This is because holding cryptocurrency safely amounts to protecting the private keys used to secure addresses in blockchains. Some investors are comfortable delegating security to a 3rd parties such as exchanges. For those who prefer to protect their funds themselves, there are various schemes such as air-gapped laptops, purpose-built hardware wallets such as Trezor or Ledger , and even just pen & paper (wallet words and other private key backups). One problem that most of these schemes all share is that they are designed for single-signature addresses and so rely on protecting a single private key. No one is perfect, so what happens when you lose access to that private key? Mark Frauenfelder s wonderful article on losing his Trezors PIN & wallet words vividly illustrates the horrors of finding out you have locked yourself out of your funds because you can no longer access the single private key protecting your addresses. A better solution would use a 2/3-multisig quorum consisting of three separate private keys, held by three separate people, and requiring any two to spend. This provides both Continue reading >>

The $280m Ethereums Paritybug.

The $280m Ethereums Paritybug.

Hacker, Microsoft MVP, Founder of @ComaeIo Co-Founder of @CloudVolumes (now @VMWare) A critical security vulnerability in Parity multi-sig wallet got triggered on 6th November paralyzing wallets created after the 20thJuly. As you may have read, Parity issued a security advisory today to inform its users and developers about a bug that got accidentally triggered which resulted in freezing more than $280M worth of ETH, including $90M belonging to Paritys Founder & Ethereum former core developer: Gavin Woods. As Dan Guido points out, this new vulnerable contract has been deployed more than 100+ days ago on July 20th, one day after the original multi-sig vulnerability had been exploited and fixed. A user named devops199 claimed he triggered the bug accidentally and reported it t hrough a GitHub ticket . The newly deployed contract, 0x863df6bfa4469f3ead0be8f9f2aae51c91a907b4, contains a vulnerability where its owner was uninitialized. Although, the contract is a library it was possible for devops199 to turn it into a regular multi-sig wallet since for Ethereum there is no real distinction between accounts, libraries, and contracts. The event occurred in two transactions, a first one to take over the library and a second one to kill the library which was used by all multi-sig wallets created after the 20th of July. In the above transaction, the user initialized the owner to himself ( 0xae7168deb525862f4fee37d987a971b385b96952 ) of the Parity library using the initWallet() function which is the function that was originally exploited on July 19th. Assigning an owner to the library directly enabled the user to convert the library into a regular multi-sig wallet. // throw unless the contract is not yet initialized. modifier only_uninitialized { if (m_numOwners > 0) throw; _; } / Continue reading >>

Parity Technologies Multi-sig Wallet Issue Update

Parity Technologies Multi-sig Wallet Issue Update

Parity Technologies Multi-Sig Wallet Issue Update This week, as has been widely reported, a vulnerability in the Parity Wallet library contract of the standard multi-sig contract was found by an anonymous user. This user managed to gain access to the smart contract, effectively making themselves the owner of the contract. Subsequently, the user made the unfortunate move to suicide the smart contract underlying the multi-sig wallet which in turn blocked funds of of 587 wallets with a total amount of 513,774.16 Ether. While the funds remain in the affected wallets, the wallets themselves are inaccessible. Jutta Steiner, Founder of Parity Technologies says, We deeply regret the impact this situation is causing among our users and within the community. We do ask that people get in touch with us if they have any uncertainties and to not believe the speculation circulating the media. We are endeavouring to find a solution as soon as possible and we would like to thank everyone for the support weve experienced so far. Regarding the affected wallets, we are reaching out to the owners on an individual basis and welcome users to get in touch. If you are still unsure about the state of your wallet, please visit this website and if you have any questions remaining or would like to get in touch you can email us at [email protected] . We have spent the last few days rigorously examining the events. While it is too early to decide on a fixed solution, EIP156 has been discussed for a significant time and has drawn support from various directions in the community. The team is working on a broadly accepted solution that will unblock the funds. This is a learning opportunity (albeit a painful one) for our company, for our collaborators and the community that stands with us. There have Continue reading >>

Security Flaw Freezes More Than $150 Million Worth Of Ethereum

Security Flaw Freezes More Than $150 Million Worth Of Ethereum

A bug in Parity , a popular wallet for the cryptocurrency and decentralized application platform Ethereum, may have resulted in more than $150 million worth of ether being permanently frozen. The bug affects Parity multi-sig (multi signature) wallets, which require more than one owner to "sign" a transaction before it can go through. An unknown attacker (or a careless developer) has exploited it to effectively destroy a piece of Parity's code, effectively rendering all multi-sig wallets that were created after July 20 completely unusable. SEE ALSO: Move over, Bitcoin: Ethereum is the next big thing in cryptocurrency The July 20 date is significant; this is the date when Parity's code was updated to fix a bug that enabled a hacker to steal more than $32 million worth of ether from multi-sig wallets. Unfortunately, the new code contained another bug, which enabled an attacker to turn Parity's library contract effectively Parity's code into a multi-sig wallet and destroy it. "It would seem that issue was triggered accidentally 6th Nov 2017 (...) and subsequently a user suicided the library-turned-into-wallet, wiping out the library code which in turn rendered all multi-sig contracts unusable since their logic (any state-modifying function) was inside the library," wrote Parity in a blog post explaining the incident. This means that anyone who held Ethereum in a multi-sig wallet created after July 20 can't do anything with it it's impossible to transfer or spend it. It's unclear how many wallets are affected, but unofficial estimates say the number is at least 500,000 ether, which was roughly worth $154 million at the time the hack was discovered. Update: 500k ether locked which is $154m. Thanks @alexanderlhicks @Haaroony also independent confirmation by banteg on parity's Continue reading >>

Parity Multisig Bug Shows Non-owners Of Smart Contracts Can Execute Kill Function

Parity Multisig Bug Shows Non-owners Of Smart Contracts Can Execute Kill Function

The Ethereum community received a nasty surprise when the latest Parity multisignature hack was exposed. Someone successfully froze millions of dollars worth of Ether with a smart contract exploit. So far, this matter has not been resolved, and thereis evidence of thishaving been a malicious attack first and foremost. Its an interesting train of thought advanced by the ARToken team. Parity Multisignature bug may nothave been Accidental There has been a lot of interesting informationcirculatedregarding the recent Parity multisignature exploit. The bottom line isthat over half a million Ether has been frozen in smart contracts which have yet to be unlocked. Although Parity itself claims this bug was accidental, it seems there is a very different story that deserves attention as well. The ARToken team reached out to us to explaintheirfindings. More specifically, they seem to think this bug was anorchestrated attackon thewallets in question. The team recentlypublished a blog post explaining how they were affectedby the Parity smart contract bug. With their crowdsale wallet having been affected, around US$1 million remains frozen for the time being. For now, there is no indication as to when this situation will be resolved or what the consequences may be. It is evidentthatcauses major concern for all affected entities. In total, over 151 wallets containing 513,743 ETH have been frozen in connection with the Parity bug, with the Polkadot ICO possibly beinghit the hardest. It is a major blow to the ICO industry and highlights how Ethereum smart contracts are not safe from harm by any means. While some may claim this bug to have been an accident, there seems to be evidence pointing in a very different direction. It seems someonewas carefully manipulating a few of the affected Continue reading >>

Contract Design - How Can I Create A Multisignature Address On Ethereum? - Ethereum Stack Exchange

Contract Design - How Can I Create A Multisignature Address On Ethereum? - Ethereum Stack Exchange

How can I create a multisignature address on Ethereum? I want to store my ether in a form that requires more than one digital signature in order to authorise spends. How do I do on that on Ethereum? "Multisignature" addresses on Ethereum differ from that of Bitcoin. Though both networks allow for arbitrary complex transactions, the concepts are not intrinsically the same: In Bitcoin, there are 2 major classes of transactions: pay to pubkey (addresses starting with "1") pay to script hash (addresses starting with "3", also known as P2SH) The former is the more traditional account-based system of Bitcoin, whereas the latter was a BIP extension written by Gavin Andresen to enable more complex transactions. Essentially, P2SH allows for an arbitrary script to be used to produce a signatures to consume some input. In contrast, Ethereum there are 2 major classes of accounts: The major difference between these is that contract accounts contain code that can execute and interact with the blockchain. Because Ethereum is "turing-complete", the code can be anything, including a multisignature-type wallet. In comparison, Bitcoin has a more limited scripting language that allow for some scripting features of Ethereum, but not all. For example, here is some Wallet code , written in Solidity, which compiles to run on the Ethereum network as a contract account. It has various features including multiple signature support (with unlimited participants) and daily withdraw limits, allowing you to spend small amounts, but require multiple signatures for large transactions. This wallet runs entirely on the Blochchain and is available in Mist , (Ethereum DApp browser) with an easy-to-use HTML interface requiring no programming knowledge. Continue reading >>

Exploring Simpler Ethereum Multisig Contracts

Exploring Simpler Ethereum Multisig Contracts

Blockchain nerd, Ethereal explorer, Mystic Mathematician. Part of the @consensysllc mesh. Creator and chief architect, @uport_me. Exploring Simpler Ethereum Multisig Contracts A couple of weeks ago a number of widely used Ethereum multisig wallets were hacked , to the tune of ~$32 million in Ethereum-based assets stolen. Another ~$160 million in assets were preemptively taken and safeguarded by a group of white-hat hackers. The incident highlights the challenges with writing smart contract code. You can hardly think of a more adversarial environment than a public blockchain: Your code runs open to the world and anyone can try to poke and prod the functions you expose. Add to that contracts that safeguard tens of millions of dollars worth of assets and you have a situation where hackers are very motivated to find flaws in your contracts and exploit them. The irony about these multisig wallet hacks is that multisig wallets are supposed to be safer than just using one private key. In theory the multisig nature makes it harder for a hacker since they need to hack several people to obtain multiple private keys. In this case however the logic implementing this security feature had a bug which made the security much worse than a single key. There is an interesting tradeoff here: More logic in smart contracts can be used to implement more security features: timeouts, spending limits , multisig, vaults etc. However, the more logic in the smart contract the bigger the attack surface and the more likely that bugs are introduced that risk undermining the security features. We can consider a spectrum of asset-management tools from simplest to more complex. The simplest way to secure your Ether is to use a single private key which corresponds to an Ethereum address, sometimes known Continue reading >>

Toward An Ethereum Multisigstandard

Toward An Ethereum Multisigstandard

Developer/writer/thinker living in the cryptoverse. Co-founder of Grid+ Recent events have brought Ethereum multi-signature wallets (a.k.a. multisigs) into the spotlight. Twice this year, hackers or general troublemakers have exploited vulnerabilities in the Parity multisig smart contract . Critics have been quick to cite these incidents when suggesting Ethereum cant work due to a large attack surface, but the reality is much more nuanced. Grid+ is currently holding a token sale (ending soon) and is stashing its funds in a secure offline setup. When weighing our storage options, we immediately decided against all multisig smart contracts with which we were familiar, specifically those made by: Parity , Ethereum Foundation , ConsenSys , and Gnosis . This is not to say that all these wallets are exploitable (Gnosis wallet, for example, has held $200M for over a year without a breach), but the decision came from general prudence regarding complexity. None of these wallets met our needs, but that is not to say such a wallet cannot exist on Ethereum. As a means of comparison, we can look at Bitcoins P2SH -based multisignature scheme, which has zero reported hacks since its first use in 2012. The difference in security indeed comes from a reduced attack surface, though this is largely by necessity in Bitcoins constrained Script scripting language. In this article I will draw parallels between Bitcoins multisigs and a proposed Ethereum multisig. I hope this will help guide the discussion toward a common, standardized, simple Ethereum multisig contract. Before exploring Ethereum, it is instructive to first understand how Bitcoins pay to script hash (P2SH) scheme works and how it applies to a multisig scheme. The formal P2SH definition can be found in BIP16 and a 2-of-3 multisi Continue reading >>

More in ethereum