Security Update

A quick update on the status of Parity Ethereum client.

Bug Bounty

There is now a significant amount in our bug bounty programme (many thanks to all contributors). As mentioned in a previous post, critical security bugs in the latest versions of Parity, both beta and stable branches, are valid targets for bounty-collecting reports. The multi-sig wallet, in particular, should be considered a prime target for review and any significant bug will attract a large proportion of the bounty. Any bugs found should be reported to [email protected]

Multi-sig Wallet

Several minor changes have been made to the Parity multi-sig, mainly to enable compilation by later versions of Solidity. We understand the "white hat group" is using this code to return some of the funds they temporarily commandeered. After code reviews by many of our developers, there are no known issues. The bug bounty programme is active and we have so far had no issues reported.

Please Upgrade!

Though we try to be as thorough as a bleeding-edge software project can be, bugs sometimes creep into our codebase and, as recent events show, left unchecked these can have significant impacts in the wild. Older versions of Parity can have known bugs (generally mentioned in the release notes): if you are using Parity for anything of any significant value please do ensure that you are running the latest version to minimise the chances of any problems and establish procedures according to the value as risk.