Parity suffered two exploits of vulnerabilities in its multisig wallet implementation. The first one happened on July 19th, and the second one happened on November 7th. Both caused serious losses for its users.
Is Ethereum Classic Affected?
Does the Parity multisig hack affect the Ethereum Classic blockchain?
No. Neither the July 19th hack nor the November 7th hack affects the Ethereum Classic blockchain.
The Parity multisig wallet deployment script can be found starting from L179 in this file. It uses the so-called “Parity Registry” to look up the wallet library registry key walletLibrary.v.2. On Ethereum, this lookup returns a vulnerable wallet library address. The script then deploys the wallet contract using that library, which results in a vulnerable multisig wallet. On Ethereum Classic, however, the wallet library is not deployed, and the lookup of walletLibrary.v.2 returns nothing. In this case, the deployment code falls back to deploying another “full” version of the multisig wallet. The full version is not affected by the wallet library vulnerability. As a result, no matter when you deployed your multisig contract on the Ethereum Classic chain, it is not affected by either of the two Parity multisig hacks.
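Whether a deployed wallet is the library-backed or the “full” variant can be checked from its runtime code. The following is an added example, not code from Parity or from this post; it assumes the library-backed wallet forwards calls with the DELEGATECALL opcode and embeds the library address as a PUSH20 constant, and the sample bytecode strings are constructed.

```javascript
// Added example: classify EVM runtime bytecode (as returned by eth_getCode)
// as library-dependent or self-contained.
const DELEGATECALL = 0xf4;           // EVM opcode
const PUSH1 = 0x60, PUSH32 = 0x7f;   // PUSHn is followed by n immediate bytes
const PUSH20 = 0x73;                 // pushes 20 bytes, the size of an address

// Constructed samples, not real contracts.
const SAMPLE_STUB = '0x73' + '11'.repeat(20) + '5af400'; // PUSH20 addr, GAS, DELEGATECALL, STOP
const SAMPLE_FULL = '0x60f460005500';                    // PUSH1 0xf4, PUSH1 0, SSTORE, STOP

function hexToBytes(hex) {
  const clean = hex.replace(/^0x/i, '');
  if (clean.length % 2 !== 0 || /[^0-9a-f]/i.test(clean)) {
    throw new Error('runtime code must be an even-length hex string');
  }
  return Uint8Array.from(clean.match(/../g) || [], (b) => parseInt(b, 16));
}

// Walk the code opcode by opcode, skipping PUSH immediates so that a data
// byte equal to 0xf4 is not mistaken for a DELEGATECALL instruction.
function inspectRuntimeCode(hex) {
  const code = hexToBytes(hex);
  const result = { size: code.length, delegatecalls: 0, embeddedAddresses: [] };
  for (let pc = 0; pc < code.length; pc++) {
    const op = code[pc];
    if (op >= PUSH1 && op <= PUSH32) {
      const n = op - PUSH1 + 1;
      if (op === PUSH20 && pc + n < code.length) {
        const imm = Array.from(code.slice(pc + 1, pc + 1 + n));
        result.embeddedAddresses.push(
          '0x' + imm.map((b) => b.toString(16).padStart(2, '0')).join(''));
      }
      pc += n; // jump over the immediate bytes
    } else if (op === DELEGATECALL) {
      result.delegatecalls++;
    }
  }
  return result;
}

function classifyWallet(hex) {
  const r = inspectRuntimeCode(hex);
  let kind = 'self-contained';
  if (r.size === 0) kind = 'no-code';                 // nothing deployed at the address
  else if (r.delegatecalls > 0) kind = 'library-dependent';
  return { ...r, kind };
}
```

This is a linear sweep, so trailing non-code data in real bytecode can produce false positives; treat a library-dependent result as a prompt to review the embedded addresses by hand.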
The intention of using a wallet library is to save contract creation gas. By deploying less code, the deployment transaction costs less. If you compare the multisig wallet deployment gas cost on Ethereum and Ethereum Classic, the cost on Ethereum Classic can be a little higher. This, however, saved Ethereum Classic users from two exploits.
We should note that a blockchain can only be as safe as the community that uses it. Ethereum Classic was lucky not to be affected this time. We should stay cautious, however: for all blockchain code, decent code review and security audits are important.