Brain Freeze? Parity Bug Continues With No Easy Solution in Sight
With $160 million in funds frozen on the ethereum blockchain, a search for solutions is ongoing – if not altogether promising so far.
Three weeks and counting ...
That's how long it's been since a mishap by ethereum wallet provider Parity saw $160 million in cryptocurrency frozen, and still no solution has been pursued to free up the funds. But that's not to say discussions aren't ongoing on how to return the cryptocurrency to its rightful owners.
At times heated, an escalating debate is developing on public chat channels about how to best correct the issue, and more notably, how to avoid resetting the history of the entire ethereum blockchain in what amounts to a network-wide software update to do so.
Hosted on GitHub, one public channel that has seen notable activity was created by ethereum's developer team to discuss proposals for reviving ether stuck in smart contracts. (Lost assets of this type occur with some frequency, such as when users send funds to non-existent wallets.)
But the conversation around Parity is evolving differently, in part due to the scope of the fund loss and the politics inherent in the decision-making.
As occurred after last year's infamous DAO hack, the incident has helped revive the debate about whether ethereum's development is too centralized and its blockchain really immutable, meaning all transactions are final and cannot be rearranged to correct human error.
This is largely because, in response to the DAO, new software was written and approved by the network's stakeholders to effectively rewrite its blockchain history. The move sparked contention and critique, even spawning an alternative blockchain, ethereum classic, now valued at $1.7 billion.
And though the Parity hack is jumpstarting the difficult conversation again, there's been a change in sentiment regarding whether this is indeed the best way to resolve massive hacks.
As one particularly vocal participant wrote on the recovery channel:
Not quite another DAO
However, while the political tensions are reminiscent of The DAO, there are some key differences between the two attacks. For one, while the DAO funds were stolen, Parity's funds have been made inaccessible due to an exploit that forced the wallets to self-destruct.
And although there's some conspiracy circulating as to whether the Parity hacker was acting maliciously – accidentally deleting the code library in the process of stealing funds – the fact that the affected ETH has not been gathered into a wallet changes the nature of the technical fix.
In particular, it reduces the need for ethereum to reset its blockchain.
As ethereum developer Nick Johnston, responding to infighting on the channel, wrote: "Why do you think recovering lost funds has to require 'going back in time?' I once had my bike stolen; it was recovered and returned to me. No time travel was involved."
Instead, ethereum updates are being proposed that involve changes to existing ethereum improvement protocols (EIPs) that could more broadly protect against cases of frozen ETH. In short, developers are attempting to take a wider-scope approach to problem-solving.
But while developers are focused on introducing changes that could improve the security of the network at large, none of the solutions discussed to date appear to be gathering consensus.
Imperfect options
For example, changes could be made to an existing ethereum improvement protocol, EIP156, that would refund some of the Parity losses by adding a new rule to the software.
Created by ethereum founder Vitalik Buterin in October last year, the EIP is named "Reclaiming of ether in common classes of stuck accounts." But while the title is promising, developers don't believe it's perfectly matched to the Parity problem at hand.
EIP 156 allows funds to be restored providing owners of lost ETH can mathematically prove they are the rightful owner. However, it only works with funds that are stuck in codeless or empty smart contracts and cannot rescue the dead Parity wallets, which still have code associated with them.
And although it may be possible to extend EIP 156 to address the current problem, the fix is currently imperfect.
According to ethereum security lead Martin Holst Swende, Parity refunds could be hardcoded into EIP 156, which would facilitate a one-off return of funds. However, the refund would not be applicable to the ICO tokens that have been impacted by the hack.
And due to a quirk in the code, the wallets, once retrieved, would not be returned to their original owners – instead, they would automatically be in the hands of the "creator" of the tech.
Heralded as one of the more "elegant" solutions discussed on the recovery thread is the idea to tokenize lost assets, akin to Bitfinex's "hack credit" token which was issued to those who suffered in the $60 million hack last year.
The idea is inspired by EIP 156 itself, which works by creating a token by which owners of lost funds can prove their ownership. This would allow traders to speculate on the release of the funds, and, according to Holst Swende, could have the advantage of allowing those affected by the Parity hack to win back funds before any potential code fix.
Similarly, Holst Swende speculated that perhaps a token of this kind could be used as a voting mechanism to discover whether a core software upgrade is actually desired by the community.
Parity's proposal
But while it may be down to U.K.-based Parity Technologies to formulate a proposal regarding the lost funds, its attendance on the channel has been sparse. However, this may not reflect the firm's behind-the-scenes work.
In response to inquiries, a representative said that discussions are likely to advance soon.
It's unclear at this point whether the conversation among other ethereum community members will impact Parity's proposal, but writing on the channel yesterday, representative Afri Schoedon asked for a summary of the discussion, stating:
According to rumors on the thread, one Parity member is working on a fix that would entail changes to the ethereum virtual machine (EVM) to order the lost wallets to "un-self-destruct."
Although unconfirmed, the proposal has been a point of contention for Johnston, who told CoinDesk it would "change an important invariant" in the EVM, leading to "unexpected bugs, even in already-deployed contracts."
However, Afri Schoedon assured that going forward, Parity intends to offer "not one proposal, but multiple," deferring to the community to decide "what's acceptable or desired."
He told CoinDesk: "We will probably add two or three own proposals to the stack."