The Ethereum Foundation is thrilled to announce a scalability, usability and security grant of five million dollars (USD) to Parity Technologies. For several years, Parity Technologies has been an invaluable member of the Ethereum ecosystem for their leadership in core development efforts, their Parity Ethereum client and more. Their work...
ethereumfrenzy1 - 2 years account age. 200 - 1000 comment karma.6 months ago
I feel like the community is warming up again with Parity, which is a great thing. Personally love Parity-ethereum. Do wish they had enough manpower/cash to bring back the Parity-ui. Hoping their light wallet will be as good.
Anyone remember Parity bug that locked 513000 ETH ?
ethereumfrenzy1 - 2 years account age. 200 - 1000 comment karma.6 months ago
Yes. They were at the cutting edge, offering a wallet contract that had a bug, and paid a very big price for it. That's what happens when at the edge of innovation. I do not believe the eth should be unlocked, because that would both be a bailout and a very contentious fork, but am happy that the Ethereum ecosystem still supports them. Their work in the space is still very much needed.
Are/were they all that innovative? Genuinely curious, my experience with parity in numerous iterations was that it a buggy, slow piece of garbage. Pretty much every wallet I've used since worked better and seem to have all the same features I need. But I haven't looked into the nuance of the differences.
If somone can deliver, it's definetly the Parity team. They've altredy created prototype implementation of web assembly enabled client - in some areas they're pushing faster than Ethereum Foundation itself
Thanks for mentioning that! As innovators in a brand-new industry where software is money, we are well aware that our experiences will often be front-and-center when security issues arise (as history has proven - there will be bugs). I've included our "Secure from scratch" process for smart contract security we developed with our auditing partner Trail of Bits and shared with the community mid last year:
>"Having users affected by software bugs is an experience we would not wish on anyone. We would like for our bugs to be a catalyst for more secure Ethereum development. To aid that process, we are sharing whatever we can to help the Ethereum community develop more securely and prevent bugs."
They have done a huge amount of good for Ethereum. But to be fair, those areas include multiple major errors and spending the bulk of their resources creating a competitor to Serenity instead of contributing to Ethereum research. I hope this grant encourages them to focus more on Ethereum.
"Despite a large amount of their raised ETH being stuck after a hack, they also acquired $83m in Swiss Francs, explaining their liquidity. "
~~Though let's correct the article to be more factual: it was not a hack, it was Parity forgetting to initiate the on-chain multisig template, which was destructed by some blockchain newbie who sent a few random calls to the contract.~~
There are nearly 600 wallets affected, none of which belong to Parity. As the announcement notes, our work on Parity Ethereum has been self-financed to date. We're contracted by the Web3 Foundation to build the first implementation of Polkadot, which is on track.
Yes, we know it was Gav's vision that launched both teams, but the Web3 Foundation has a much broader vision than just Polkadot for those funds as you can read in u/web3jp's post above.
We will continue working closely with the Ethereum community to find a solution to unlock the funds. We are confident that this community has the capacity to deliver a governance process that allows critical bugs and errors leading to security issues in running code to be corrected. If we've learned anything building Ethereum over the last five years, it is that *there will be bugs.*
Our commitment to Ethereum includes working to try and ensure that Ethereum users affected by bugs and hacks have some recourse available now and in the future. One of the best things about Ethereum is the community, and part of maintaining that magic is that we continue to look out for and support each other when things go wrong.
The wallet most affected is the Polkadot multisig, and the same people are involved in Polkadot and Parity. The above post should be a good reminder no matter the good Parity has done for the ecosystem, Parity is ultimately in for the good of Parity before Ethereum. After more than a year of lobbying for a bailout with various underhanded tactics, there's still no willingness for anyone from Parity to accept their mistake is not a mysterious "bug", but a human mistake from an overpaid team with asinine smart contract coding practices who neglected to run a security audit on their mission critical multisig a mere few months after a previous hack on that very same multisig put millions of dollars at risk.
Hubris, incompetence, dishonesty. Are we in for another year of mysteriously independently started coin votes where most of the early votes, before the community is aware, are for the bailout, and most of the late votes, once the community is involved, pushes back the needle to a firm "No", followed by flimsy claims Parity listens to the community only to hear the same nonsense a few months later? Or has the long term strategy become to stay on point with the message, hoping for a next cryptocurrency boom bringing new community members unaware of the history of negligence and easier to sway to a bailout?
That is laughably untrue. The library that the contracts reference was deleted. That’s not destruction of funds just destruction of a dependency which I would call bug. Not a bug in Ethereum mind you, but a bug in the Parity multi-sig code.
Nope, [ezpzfan324](https://www.reddit.com/user/ezpzfan324) (who I sometimes disagree with) is seriously right on this!
This is the same as sending Ether to 0x0, however, it's a more creative way to destroy Ether. Only the record of what has been destroyed exists. There's probably many other creative ways to burn Ether, eg. sending to a contract with no methods for withdrawal, or a contract who's withdrawal method requires a stack depth of more than 1024, or simply destroying the only private key that you have. Anybody can think of any other ways?
Let's not twist this any more than it already has been. The multi-sig was designed to give people secure control over their property. Yes, there was a bug, and it was exploited by a malicious hacker.
It's clear that the Ether that's stuck is still owned by the people who owned it before the hack, they merely can no longer access their property. ALL the evidence is on-chain for a full restoration. I have yet to hear a reasonable claim that the Ether should remain out of the hands of 573 affected people from the perspective of, "that's how it should work." Even Vitalik said that a "one time cleanup" of such bugs is ~~likely~~ can happen before Serenity.
SouptacularEthereum Foundation - Hudson Jameson6 months ago
Vitalik did not say it was "likely" to occur. The quote was this:
> At this point, I think it is very possible that ethereum will never see any more coin recoveries, because there are enough cases that are politically contentious that any attempt to set a bar will lead to people just below the bar complaining that they were not included.
Though it is also possible that when we move to sharding, there will be some kind of one-time ‘cleanup’ of the public chain that will restore funds to as many people as possible. That said, I do not think it is my place to make that decision or even heavily influence it.
Thank you for the correction Hudson. Either way, my reply focuses on the fact that any reasonable interpreter of the code can verify that an attack occurred on the multi-sig wallet that was *not* the intention of its creators. There is a technically feasible, and quite simple, workaround via EIP-999 that would address this clear misallocation of funds and restore the property to its rightful owners, all 573 of them.
A one-time cleanup in a future hard fork is possible.
Wan't there no bug in the actual contract though? Just the owner was uninitialized? It's fairly easy for a novice like me to interpret that the contract worked as expected - if it's not initialized, then of course that's how it works, it's not really a bug, but negligence on behalf of the engineers that deployed the contract and failed to initialize it for 100+ days.
As for 573 affected people.. man.. I do have the biggest sympathy for these people. I had tears build up in my eyes when I heard the news, and I still do now when I think about it. I've been affected by TheDao too, so I know how it feels. These people are innocent, and it really sucks for them. (I've also participated in the PolkaDot ICO)
At the same time, I was appalled by the way Parity dismissed this as just another bug, and then repeatedly asked the community to bare the brunt of a problem that the community didn't create. And the community was still fresh from helping out Parity from their previous hack.
In the real world, what happens when an Engineer causes, say a bridge to collapse due to their own negligence? Do we blame the malicious weather for the collapse? Well, they would be 100% responsible for their actions, because after all, these are the people who we trust and put our lives into our hands to build bridges that withstand any weather. Likewise, these people put their funds in to your hands and trusted you to build software that could withstand a malicious environment.
If that was me who caused a problem due to negligence, I would personally try to make each person whole from my own funds, down to all my possessions until I was naked on the street, and then work for the rest of my life for these people until they are repaid. In other engineering fields, such as civil or naval engineering, serious breaches of negligence usually result in jail time.
Also, on the topic of a "clean up" fork. How is that supposed to work? What about the accidental funds that have been sent to 0x0, how will we know which ones to un-destroy? What about my 1 ETH that has been destroyed in my own contract that I've messed up, or is that insignificant?
we totally understand that parity has a very complicated legal structure to develop polkadot in a compliant manner, but please, can we not gaslight the community. parity raised the funds. parity lost the funds. parity was going to pay people with the funds
the commenter is functionally correct, even if they have not been keeping abreast of the entire tree of parity related legal entities.
It's really not complicated. We are contracted by the Web3 Foundation to build Polkadot. Web3 Foundation raised the funds. Full stop. Gav is the only common figure between the two (obviously because he cofounded Ethereum + Parity + Polkadot and developed the modern concept of Web3) - there is no one team OR individual running two organizations. [Yes, we have admitted that there was a bug in the code](https://www.parity.io/our-commitment-to-ethereum-and-a-decentralised-future/) and yes we will continue to work to restore Ethereum users' property. As I said, nearly 600 wallets representing thousands of people who committed to building on Ethereum are involved here.
Polkadot will be delivered, but the funds the W3F raised are targeted at a much wider range of Web3-technologies, [as defined in Jack from W3F's earlier post](https://www.reddit.com/r/ethereum/comments/adjr9w/ethereum_foundation_announces_major_grant_to/edhthw4). This includes a lot of funding in the Ethereum ecosystem and a lot of teams other than Parity. We are all in this together. The statements that Parity is in this for Parity or that Parity "was going to pay people with the funds" or that we have any control over what is done with the funds raised for Polkadot are contrived, and ignore the reality of the work we do every day to improve the prospects for a future decentralised internet.
"We fucked up 600 wallets so we deserve to get 5 million dollars" is not the most convincing argument. The board of the Web3 Foundation was announced [here in the comments](https://twitter.com/edbwt/status/940363457827917825) **after** it had 'contracted' Parity to build Polkadot.
cmon now. im saying that polkadot is the primary focus of Web3 Foundation, you tell me, "polkadot will be delivered, but the funds the W3F raised are targeted at a much wider range of Web3-technologies"
but Web3 foundation twitter bio backs me up: "Web3 Foundation is building an internet where users are in control of their own data, identity and destiny. Our primary project is @polkadotnetwork."
no one is mad that parity is building polkadot or that gav is the head of both orgs. it is a great solution to the problem of building a decentralized platform. the progress has been great. the product market fit with developers has been impressive for a project so young, but the money was raised by gav on the strength of the parity team. whatever detours it took to get into the Web3 foundation account before getting back to the parity team are not super important.
Because twitter bio is law, just like code is law, right? I'll again refer to the Ethereum-related work the W3F has accomplished in just the past year, even after Devops199 did his thing:
>Here are a few things we've supported directly related to Ethereum:
>Funding the Ethereum Explorer: [https://medium.com/poa-network/introducing-blockscout-the-ethereum-explorer-86b4ddd9e8a4](https://medium.com/poa-network/introducing-blockscout-the-ethereum-explorer-86b4ddd9e8a4)
>Launching and funding ETH Prize: [http://ethprize.io/](http://ethprize.io/)
>Upgrading Whisper by assembling a multi-party research and development team (includes Status and Validity Labs): [https://github.com/w3f/messaging](https://github.com/w3f/messaging)
>Funding the Ethereum Community Fund as a founding member: [https://ecf.network/](https://ecf.network/)
>Co-hosting ScalingNOW w/ Giveth to help bring immediate scaling solutions to Dapp devs. We organized an on-chain governance workshop and brought together Tezos, Cosmos, 0x to compare approaches: [https://www.youtube.com/watch?v=AOlS4QddpNI](https://www.youtube.com/watch?v=AOlS4QddpNI). ScalingNOW outcomes and spreadsheet: [https://docs.google.com/spreadsheets/u/2/d/1BQ0bK\_LhSQvxtvXryVoIcmxeKMuVJCq6oD0aS5\_hpC8/edit#gid=0](https://docs.google.com/spreadsheets/u/2/d/1BQ0bK_LhSQvxtvXryVoIcmxeKMuVJCq6oD0aS5_hpC8/edit#gid=0)
And no, there is not a complicated legal structure (or any structure) for this to happen:
>whatever detours it took to get into the Web3 foundation account before getting back to the parity team are not super important.
[As noted by the W3F right after the contract deletion](https://medium.com/web3foundation/an-update-on-the-web3-foundation-d905128f15a9):
>Should the blocked funds be freed for use, this spending profile would be the primary beneficiary: this includes supporting the R&D of non-core protocols such as Whisper, Swarm and many others in the decentralised ecosystem, peripheral tooling and languages, general academic sponsorship and low-level research of no immediate relevance to Polkadot. We sincerely hope that a change in status of the blocked funds will allow us to support of these projects and directions to the benefit the wider ecosystem.
All mandated by the Web3 Foundation's deed under Swiss law.
Hope there is some consensus reached by the time Ethereum 2.0 hardfork to finally unlock those.... As we are still in the early days of Technology, fixing what is fixable and doesn't hurt anyone should really not be up for debate at all.
There is no fix needed, the code executed as intended. Parity programmers enabled the option of letting anyone self-destroy their contract, and someone used it. Much like you don't restrict cars to 10mph become some people refuse to wear their seatbelts, there's no reason to destroy the one-time-event nature of the DAO / near immutability of Ethereum to encourage even more recklessness.
It is very clear there will never be consensus and the issue should be dropped. It has been pushed for with massive resistance too many times already, waste of time and causing in fighting when there's nothing to be gained should be avoided.
Has the Web3 foundation actually done anything for the Ethereum Ecosystem? It seems to me that it's just constantly promoting Polkadot, which is a direct competitor. But let's not talk about Web3 and Polkadot, just celebrate Parity's contribution to Ethereum.
In order to see a fully realized decentralized web, and to that end, a viable Polkadot network, a number of protocols need to be further developed. W3F put forth a tech stack that outlines the protocols it supports, including Ethereum (see tech stack: [https://github.com/w3f/Web3-wiki/wiki](https://github.com/w3f/Web3-wiki/wiki)). We support these protocols this by convening top teams, driving research initiatives and collaborations, helping to facilitate standards, deploying grants, and providing a platform to build community.
Here are a few things we've supported directly related to Ethereum:
* Funding the Ethereum Explorer: [https://medium.com/poa-network/introducing-blockscout-the-ethereum-explorer-86b4ddd9e8a4](https://medium.com/poa-network/introducing-blockscout-the-ethereum-explorer-86b4ddd9e8a4)
* Launching and funding ETH Prize: [http://ethprize.io/](http://ethprize.io/)
* Upgrading Whisper by assembling a multi-party research and development team (includes Status and Validity Labs): [https://github.com/w3f/messaging](https://github.com/w3f/messaging)
* Funding the Ethereum Community Fund as a founding member: [https://ecf.network/](https://ecf.network/)
* Co-hosting ScalingNOW w/ Giveth to help bring immediate scaling solutions to Dapp devs. We organized an on-chain governance workshop and brought together Tezos, Cosmos, 0x to compare approaches: [https://www.youtube.com/watch?v=AOlS4QddpNI](https://www.youtube.com/watch?v=AOlS4QddpNI). ScalingNOW outcomes and spreadsheet: [https://docs.google.com/spreadsheets/u/2/d/1BQ0bK\_LhSQvxtvXryVoIcmxeKMuVJCq6oD0aS5\_hpC8/edit#gid=0](https://docs.google.com/spreadsheets/u/2/d/1BQ0bK_LhSQvxtvXryVoIcmxeKMuVJCq6oD0aS5_hpC8/edit#gid=0)
W3F is a small team of people who believe in an internet where users are in control of their own data, identity, and destiny. We work with any team or individuals helping to deliver this vision. This is not a zero sum game for us. We get to our goal quicker when we work together.
The whole Ethereum blockchain and every smart contract, dapp and web and light client relies on web3.js. Ethereum would be useless without them:
First link thats easy to understand what web3.js is:
Also Gavin Wood founded Ethereum with Vitalik and was the CTO. He coded Ethereum and continued to build everything around it to work properly.
You have two people saying there’s no connection between web3 foundation and web3.js. It would serve the community better to reply with an informative response vs sarcasm. I’m genuinely interested in what you have to say.
I cant find an online article about exactly who did what but Wood, Wilke, Zamfir and Vogelsteller all worked on web3.js at one point. Initially it was Wilke and Wood who coded Ethereum and web3.js and later mostly Vogelsteller when Wood founded web3 Foundation and parity to focus on the client and scaling.
Just watch the early devcon videos or check on github.
Parity, the light client, the spam attack prevention, scaling solutions and much more was done by web3 foundation. Up to 2016/17 parity/web3 was basically all about Ethereum and still is highly valuable for most of the nodes and the blockchain communication.
That's why the Ethereum foundation has a big interest in keeping that support and rightfully they gave them this 5 mio grant.
I didnt say anything else lol
The people around Parity were organized as web3 foundation later. Web3 does a lot more than just parity tho.
This grant goes straight to the part of web3 that keeps doing development for Ethereum.
You have some grudge against me, parity or web3 and I don't know why. Over and out from my side. I don't waste my time on a reddit fight about other people's companies.
Well not nothing, but it's a bit confusing.
Web3 was the name that Gavin called the reignited vision for the decentralized web that was going around because of Bitcoin (the internet was originally meant to be more decentralized as it is now) and which he popularized. Really happy with that.. that gave gave a name to the whole movement.
So when people started building interfaces for Ethereum these were called Web3 already anticipating to support Whisper (decentralized messaging) and Swarm (decentralized file storage)
Then later Parity was created to support Ethereum services. Then when Gavin and Vitalik didn't really agree on sharding / research, Gavin decided to take advantage of the ICO boom and started the Web3 Foundation to fund his vision for a better scaling solution called Polkadot. Where Parity was obviously chosen to build it.
AFAIK the Web3 Foundation has never supported any of the work on the Ethereum Web3 libraries for ETH, SHH and BZZ/PSS.