Configurations affected: Any smart contract wallet created using Ethereum Wallet Frontier, version 0.4.0 (Beta 7) and below. Wallets created with Ethereum Wallet 0.5.0 and all later versions released after March 3, 2016 are not affected.
Likelihood: Low
Severity: High
Summary:
Do not use wallet contracts or owner accounts from wallets created under Ethereum Wallet 0.4.0 or earlier. If you send to or interact with a malicious contract, that contract may take ownership of your wallet contract. Create a new wallet and move your funds.
How to be super safe?
Do not use vulnerable wallet contracts, or the owner accounts of these wallets, to send ether or interact with contracts you do not know! If you are not using that account and wallet, upgrade your wallet as follows: explanation here. You are safe!
Details:
An attack vector has been discovered affecting smart contract wallets created prior to the launch of Homestead (Frontier Phase). An attack can occur when an affected wallet interacts with a malicious contract, or when the owner account of an affected wallet interacts with a malicious contract that knows their wallet address. An attacker can steal funds or tokens and change the owner of a wallet by impersonating the owner.
As long as you don’t use your wallet and owner account with contracts you don’t know, you are safe!
It is okay to receive Ether and send Ether to a non-contract account.
Additionally, a wallet configured with multi-signature is more secure, because an attacker would need all owners to interact with a malicious contract.
Proposed solution:
If you created your wallet using an affected version, we recommend that you perform one of the following steps:
- Create a new wallet with the latest version of Ethereum Wallet (version 0.5.0 or higher) and move your funds there. You can do the following steps:
- Until you do the above, do not use any account that is an owner of the affected wallet, or the affected wallet itself, to interact with closed-source or otherwise unknown contracts that may trigger arbitrary actions (including sending Ether). Only send to or interact with addresses you own or know!
- Create a secondary account for daily use. This account should not be connected to any wallet contract.
We have created a new Ethereum Wallet release 0.7.6 that detects vulnerable wallets.
Download the latest release and follow the steps outlined in the release notes to update your vulnerable wallet!
https://github.com/ethereum/mist/releases/tag/0.7.6