The Best Way to Fix the Parity Freeze: Part 1

Despite some controversy, there is a way to recover the frozen Parity contract funds on the Ethereum network. This is our recommendation for exactly how this recovery can take place.

On November 6th, 2017, an anonymous user known as devops199 found and exploited a bug in the Parity multi-sig wallet infrastructure that froze at least $150 million USD worth of ether (some reports put the figure as high as $280 million).

It seems that Parity left a small oversight in their code, allowing anyone to call the initWallet() function and take control of all multisig wallets that had been generated within the last few months. And having called this function, devops199, as the owner of these wallets, was able to self-destruct the library that granted important permissions, such as the ability to withdraw funds.

As a result, the funds are now stuck in a digital limbo, visible on the blockchain but entirely inaccessible. Most striking about this situation is that it would appear that devops199 is an amateur coder who was just experimenting with the system. After he killed the contracts, he posted on GitHub asking if he would be arrested, and telling people he was an “eth newbie”. It seems that he even went so far as to open a support request on GitHub, saying, “I accidentally killed it”.
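The pattern behind the bug described above, as a simplified Solidity sketch added here (it is not Parity's code): an unguarded initWallet() on a shared library, a hardened version beside it, and the thin wallet that depends on the library. Apart from initWallet(), every contract and function name is hypothetical.

```solidity
pragma solidity ^0.8.0;
// Simplified sketch, not Parity's code. Only initWallet() is named in the
// article; every other identifier is hypothetical.

// BEFORE: shared logic that every wallet delegatecalls into.
contract WalletLibraryVulnerable {
    address public owner;
    // Unguarded: anyone can call this, even directly on the library.
    function initWallet(address _owner) public { owner = _owner; }
    // The recorded owner can delete the code all wallets depend on.
    function kill(address payable _to) public {
        require(msg.sender == owner, "not owner");
        selfdestruct(_to);
    }
}

// AFTER: one-shot initializer and no destruct path in shared code.
contract WalletLibraryHardened {
    address public owner;
    bool private initialized;
    // Lock the library's own storage at deployment, so a direct
    // initWallet() call on the library always reverts.
    constructor() { initialized = true; }
    function initWallet(address _owner) public {
        require(!initialized, "already initialized");
        initialized = true;
        owner = _owner;
    }
}

// Wallet: holds the ether, runs the library's code in its own storage.
contract WalletProxy {
    address public owner;          // same slot layout as the library
    bool private initialized;
    address private immutable lib; // kept in bytecode, not storage
    constructor(address _lib, address _owner) {
        lib = _lib;
        (bool ok, ) = _lib.delegatecall(
            abi.encodeWithSignature("initWallet(address)", _owner));
        require(ok, "init failed");
    }
    receive() external payable {}
    // If lib has no code, this delegatecall succeeds and does nothing,
    // so the wallet's balance can no longer be moved.
    fallback() external payable {
        (bool ok, ) = lib.delegatecall(msg.data);
        require(ok, "library call failed");
    }
}
```

Recent compilers flag selfdestruct as deprecated, and on networks that have adopted EIP-6780 it no longer removes a contract's code outside the transaction that created it.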

Hard Fork Proposals and Related Controversy

The Parity self-destruct bug affected both larger companies (notable names include Polkadot and Iconomi) and individual users alike, and while solutions are currently being discussed, there is no real consensus about what to do. Some have speculated that a hard fork, or a patch included in an already-scheduled network hard fork upgrade, will be required to unfreeze the ether funds.

Others have suggested that we do nothing. Some of these are motivated, in part, by anger at Parity, a company that only recently saw its wallets hacked to the tune of ~$30 million of its users' money; others are motivated by a Darwinian “survival of the fittest” mindset geared towards a libertarian ethos regarding the philosophy of blockchain technology. Others still remain undecided, waiting to gather more information before taking a side.

As of this writing, Parity is still in postmortem mode, taking stock of the damage and collecting data as it becomes available. However, as we learn more about what happened, it seems that a self-destructed library renders all of the ether in question truly inaccessible. Parity — and others — are searching for a way to internally restore wallet functionality and unfreeze the funds. Initial reports don’t seem promising, and in the event that a private, technical solution fails, one of the more elegant solutions available is a fix in the form of a hard fork.

But what does a hard fork really mean, and why does the current scenario present a unique opportunity to implement a well-designed hard fork solution?

To Fork or Not to Fork?

There are a lot of misconceptions out there regarding what a hard fork actually entails. Much of this stems from the DAO hack of 2016, in which an unknown party managed to drain ~3.6 million ether from a wallet belonging to the DAO. The community reacted, voting on and approving a controversial hard fork to restore the ether as if the hack had never occurred. The forked chain continued on as Ethereum, while a holdout contingent, believing that the hacker’s claim to the ether was valid, continued with the un-forked chain in the form of Ethereum Classic (ETC).

However, the DAO scenario from 2016 only tangentially resembles the situation we find ourselves in today. The lone concrete similarity is that a hard fork is being proposed as a potential solution. One of the most notable distinctions is the level of controversy that surrounded something as foundational as the ownership of the ether. Since the hacker simply took advantage of a loophole in the smart contract, he or she operated completely within the parameters of what was coded and released to the public. In this way, the exploit was more akin to a lawyer exploiting a legal loophole to free her client.

While the contract hacker used a vulnerability in the code to produce an unanticipated outcome, the method was not clearly “wrong” or against the law. Some have argued that the hacker was simply being intelligent, and deserved to keep their ether. This dispute over ownership is conspicuously absent in the immediate case. We know who owns the ether. We know exactly how much each address held at the time it was frozen, and there is no reasonable argument that a third party has any kind of claim to any of the ether.

Also missing is the time crunch found in the DAO resolution. Due to limitations in the smart contract, the hacker was able to drain his ether into 58 wallets, but was unable to move the funds for 30 days. This was a complete stroke of luck — were the funds more mobile, they would likely have disappeared into many different wallets and coins, making recovery all but impossible. We had to act quickly, as any resolution necessarily had to be in place before the ether could have been moved. Ultimately, the community voted on and approved a hard fork, which went through as a one-off fix to return the ether. The ad hoc nature of the fork served to add even more controversy to an already contentious resolution. Here, however, a fork wouldn’t take the form of a special, hastily-thrown-together pivot. Any proposed fork would be carefully considered, put to the community, tweaked, and eventually rolled into a planned update, possibly even in the form of a broader EIP. None of the negativity that can come along with feeling rushed or backed into a corner needs to be present in order to restore the Parity funds.

Instead, a fork in this scenario could be better thought of as an improvement to the entire ecosystem, albeit one that was catalyzed by an exploit. Unlike the DAO, a fork wouldn’t simply help one company, but would instead symbolize a new chapter for Ethereum, and for blockchain technology.

Immutability means that there is no need to trust a centralized authority. That’s the main reason why people are interested in cryptocurrency and blockchain tech. But every major update to the Ethereum network comes in the form of a fork, changing the code in order to improve the network.

Of course, there are those who oppose a fork, and there are valid points that need to be considered. One major issue is that of fairness and equality. The concern is that with hard-fork based solutions we will reverse some mistakes but not all mistakes, leaving some people, seemingly arbitrarily, to bear the burden of those mistakes. But this perhaps conflates cause and effect.

When a hard fork is accepted by the community, that is not the same thing as a decision made in a centralized system. A centralized system doesn’t give the community a say in the matter — an authority says either “we can undo your mistake”, or “tough luck”. But here, we’re talking about community-guided outcomes.

A hard fork could take the form of broad changes to Ethereum, allowing for anyone meeting a certain set of criteria to unfreeze their ether. Or, a hard fork could alternatively follow the precedent set by the DAO and operate as an ad hoc solution for a unique situation. In either case, however, there will not have been a centralized decision. If the community votes for either of these resolutions, they will go through. And if the community votes against them, they won’t. As Peter Vessenes, co-founder and Chairman Emeritus of the Bitcoin Foundation, wrote on his website:

“The Ethereum project has a plan for consensus, and the public debate we see today is part of that consensus-building plan. To come to agreement is not centralization.”

Or, as user and Ethereum developer Nick Johnson wrote in the “ether-recovery” chat room as part of the discussion regarding recovering the Parity funds:

“Nobody can dictate a hard fork. It’s in the nature of blockchains that everyone has to agree with it and upgrade their software accordingly.”

Another reason a hard fork is somewhat controversial is that immutability and finality are core to the Ethereum ethos. Without a fully laissez-faire lack of intervention, the possibility is raised of a slippery slope. What if the next parties to request or demand a hard fork include tax agencies, censors, litigious corporations, and other parties that are attempting to co-opt the blockchain? Or, at least to start with, there is the possibility of a tidal wave of requests for hard-fork fixes, which would surely include a large proportion of fraudulent claims that may be difficult to distinguish from legitimate ones. As the value of ether has increased, so has the amount of effort that some may be willing to endure to socially engineer their way to a hard-fork heist.

In many ways, we’ve seen these same arguments between community-oriented liberalism and individual-oriented libertarianism play out in traditional economic and political systems. The balance between these positions may be the same one that already works for us: implementing something akin to a constitutional amendment framework. Just as amending a constitution should be exceedingly difficult but not impossible, so too should blockchain modifications be possible, but appropriately difficult, in extraordinary circumstances.

For the average ether holder who is not affected by the Parity situation, the most relevant argument in favor of some type of governance mechanism is that technologies that don’t adapt and don’t innovate get replaced, particularly by enterprises and institutions such as the members of the Ethereum Enterprise Alliance, who are helping to propel much of the momentum within the Ethereum ecosystem.

Making this issue even more important is the fact that, by definition, the amount of “frozen” funds can only increase over time with the current lack of any consensus-based governance system. At this point, there is around a quarter of a billion dollars stuck on the blockchain, and potentially much more than that amount that has not been publicly reported. This number will only grow as a combination of hacks, user mistakes, and bugs freeze more and more ether in new and unexpected ways.

With new Ethereum alternatives such as Tezos spearheading community-driven governance systems that are baked into the underlying technology, some type of comparable consensus-based governance mechanism, even a simple one meant only for exceptional circumstances, may be in the interest of every Ethereum user. We may soon be faced with the choice between pure, absolute immutability and overall success and adoption amongst a more mainstream community. As Vitalik Buterin notes:

“In order to remain relevant in a rapidly evolving technological landscape, software must update, and software that does not update has no alternative but to slowly fade away and die as it is replaced by superior technology. There is no reason why this principle should not apply to decentralized crypto-protocols as well.”

Best Practices for a Hard Fork Solution

If a remedy for the Parity self-destruct scenario were to be implemented via hard-fork code, what would the best practices be for this solution?

Here are a few ways that some best practices could be used:

If possible, avoid hardcoding the exact addresses to be affected by the patch. Instead, rely on logic that selects the affected contract addresses based on properties that make the problem being solved self-evident for any address with those properties. In the case of the Parity bug, this may include properties indicating that the contract has been destructed and that it still holds a frozen balance, and possibly other properties that provide additional safeguards. The goal is that someone conducting a code review many years from now will not need to look up the specific circumstances of a hardcoded address cited in hard-fork code, and can instead deduce from the patch code itself what situation was being resolved.

Publish an EIP with the exact code that will be used, a month or more ahead of the planned hard fork date, so that there is plenty of time for the community to review.

Conduct an independent audit of the EIP to determine that it does not introduce any unintended side effects.

Until a more official governance system is available, use CarbonVote or a similar unofficial voting system to help signal support for the remedy.

These best practices don’t go so far as to implement a full consensus-based governance solution, but they do provide an incremental starting point that improves on the somewhat chaotic, ad hoc nature of the DAO hard fork.

Adding new consensus-based governance features to the network implemented via an already-planned hard fork upgrade is a strong contender for the resolution most likely to promote the longevity of Ethereum. The Parity issue has only served to underscore how fragile our entire ecosystem really is, and we are now forced to respond. We cannot wait for the next crisis — the time to get ahead of the future is right now.

We will publish a follow-up to this post with more specifics regarding various EIPs and proposals that are now being developed along with the exact implementation that we would recommend most based on the principles listed above. You can follow some of the discussion about this topic on the ether-recovery Gitter channel.