Note: general users are not affected by this exploit; if you are new to Ethereum then your funds are safe.
Yesterday, a user by the name of devops199 and self-declared “ETH newbie” attempted to trigger kill() functions in random Ethereum smart contracts to see what might happen (presumably for “a bit of a laugh”). You don’t need to be a Solidity developer to get an idea of what the kill() funciton might do to the funds stored inside such a contract. Of course calling a kill() function would typically have no effect; this function can only be executed by the contract owner. The problem, as devops199 put it, was that for one contract in particular, he was able to make himself the owner and therefore capable of calling the kill() function. The smart contract that was successfully killed happened to be one that was used to operate multi-signature wallets (a wallet that requires multiple signatories for transactions to be sent) and developed by a company called Parity Technologies. Those who have followed Ethereum for some months may also recognize this name from a similar exploit discovered earlier this year which led to the loss of $30M.
There were dozens of multi-sig Ethereum wallets that used this vulnerable smart contract, many of which were used to store funds that were raised through an ICO. Several of these wallets contained hundreds of thousands or tens of millions of dollars worth of Ether. This wallet for example, held $34M at the time of writing – a figure that has been effectively frozen for eternity (caveat below).
In total, the estimated amount of funds lost is in excess of $150M. Unlike in the previous Parity exploit, or the DAO attack from last year, rather than a malicious actor being rewarded, the funds have simply been lost.
When the DAO (an Ethereum smart contract) was exploited for tens of millions in July last year, the Ethereum Foundation decided – along with much community support – to hard fork as a means to reverse the malicious transactions. It was largely a success, however serious concerns were raised over the immutability of Ethereum’s blockchain (idealistically, all transactions should be final). As a result, the version of Ethereum at the time was maintained by a subset of the community and rebranded as “Ethereum Classic”.
A hard fork to unfreeze this latest exploit would appear to be less controversial in that no funds would require moving. However, such a “bail out” would create moral hazard among developers; developers who – some may argue – should be culpable for having deployed exploitable code. At this point in time however, it is looking unlikely that a hard fork to release these funds will take place. Ethereum co-founder, Vitalik Buterin has been purposefully quiet on the issue.
How does this affect the price of Ether?
In the hours after the exploit the price of Ethereum dropped sharply to a 24 hour low of $287.87 after trading at around $300 for several weeks. The mid to long term outlook from this massive loss of funds is multi-dimensional:
- How much confidence has been lost in the underlying technology
- A large sum of Ether has been taken out of supply
- A hard fork to unfreeze the funds
It is important to note that this was an exploit in a contract that was built on top of Ethereum and not Ethereum itself. However some may see this as a sign that developing complex financial contracts may be more difficult to attain than originally thought. It is a good reminder that – despite a $30B network valuation – the technology is anything but mature.
Assuming no hard fork, the supply of Ether has now effectively decreased. With deflationary pressure from the Metropolis hard fork (reducing miner reward) and upcoming Proof of Stake, a reduction in supply will only further increase price per token.
Another hard fork would likely open the door to yet another Ethereum token. As has been seen with previous hard forks in both Bitcoin and Ethereum, the result tends to be a net gain for investors – providing an “air drop” of new tokens for existing holders. On the other hand, it may be that a fix to unfreeze the funds are packaged alongside the second part of the Metropolis upgrade, which could prove less controversial.
There is a reason why best practice smart contract development is being documented heavily. The philosophy behind writing for Ethereum is entirely different to how someone may write a web application – often learning from failures and iterating over problems. With smart contracts, production ready code simply cannot continue to be exploitable.