In a blog post on the 3rd of February, London-based smart contract coding company Parity Technologies issued a security alert warning of a catastrophic bug unearthed in the Parity Ethereum node. According to the post, the bug opens an attack vector that could take public Parity Ethereum nodes offline. If ignored, the attack could have threatened a considerable portion of the network.
“On February 3rd, we received several reports that an attacker can send a specially-crafted RPC request to a public Parity Ethereum node (any version pre 2.2.9-stable and pre 2.3.2-beta) and that node will crash,” a section of the post reads.
The team took to Twitter to inform its followers that it had fixed the vulnerability. It also encouraged all Parity node operators to update their software to the latest version to remain safe.
“While the vulnerability only directly affects Parity Ethereum nodes that serve JSONRPC as a public service (e.g., Infura, [MyEtherWallet], MyCrypto, etc.), we recommend everyone to update their nodes immediately.”
Security holes in Parity platform
The news of the vulnerability comes at a time when Parity Technologies has been under intense scrutiny for many similar security problems. On November 8, 2017, Parity revealed that a user of the popular software development platform GitHub, known as “Develops199”, had exploited a software vulnerability in Parity’s multi-sig wallets, freezing roughly seventy wallets worldwide.
What is particularly troublesome is that the glitch originated from a software update Parity rolled out in July the same year to patch another bug, which cost several ICO projects an eye-watering $30 million in stolen Ethereum (ETH). Bad actors exploited part of the Parity wallet software. Several wallet accounts holding large balances of Ether were compromised, and their balances were transferred into accounts held by the hackers.
In January this year, the Ethereum Foundation gave Parity a $5 million grant for its years of contributions to the Ethereum platform. The grant is aimed at supporting Parity’s work building the Ethereum network’s next iteration – Ethereum 2.0.