Parity sufferred from two vulnerability exploits for its multisig wallet implementation. The first one happened on July 19th, and the second one happened on November 7th. Both caused serious loss for its users.
Is Ethereum Classic Affected?
Does the Parity multisig hack affect the Ethereum Classic blockchain?
No. Neither the July 19th hack nor the November 7th hack affects the Ethereum Classic blockchain.
The Parity multisig wallet deployment script can be found starting
from L179 in this
uses the so-called “Parity Registry” to lookup the wallet library
walletLibrary.v.2. On Ethereum, this lookup will get you a
vulnerable wallet library address. In this case, it continues to
deploy the wallet
using it, and resulted in a vulnerable multisig wallet. On Ethereum
Classic, however, the wallet library is not deployed and lookup
walletLibrary.v.2 would return nothing. In this case, the
continues to deploy another “full”
of the multisig wallet. The full version is not affected by the wallet
library vulnerability. As a result, no matter when you deployed your
multisig contract on the Ethereum Classic chain, it is not affected by
any of the two Parity mutlisig hack.
The intention of using a wallet library is to save contract creation gas. By deploying less code, the transaction of deployment costs less. If you compare the multisig wallet deployment gas cost in Ethereum and Ethereum Classic, Ethereum Classic can be a little higher. This, however, saved Ethereum Classic users from two exploits.
We should note that a blockchain can only be as safe as the community that uses it. Ethereum Classic is lucky this time not being affected. We should stay cautious, however, and for all code for the blockchain, having decent code review and security audit is important.