The flaw impacts MPC wallets that communicate with StarkEx programs like dYdX and could expose users' layer 2 keys to wallet providers. Safeheron is working with app developers to patch the vulnerability.
Certain multisignature wallets can be exploited by Web3 apps that use the StarkEx protocol, according to a March 9 press release provided to Cointelegraph by Multi-Party Computation wallet developer Safeheron. The vulnerability affects MPC wallets that interact with StarkEx apps such as dYdX. According to the press release, Safeheron is working with app developers to patch the vulnerability.
Instead, these wallets work by generating “shards” of a private key, with each shard being held by one signer. These shards have to be joined together off-chain in order to produce a signature. Because of this difference, MPC wallets can have lower gas fees than other types of multisigs and can be blockchain agnostic, according to the docs.than single signature wallets, since an attacker can’t generally hack them unless they compromise more than one device.
“The interaction between MPC wallets and dYdX or similar dApps [decentralized applications] that use signature-derived keys undermines the principle of self-custody for MPC wallet platforms. Customers may be able to bypass pre-defined transaction policies, and employees who have left the organization may still retain the capability to operate the dApp.”
A source familiar with the matter told Cointelegraph that StarkEx had known about the vulnerability before Safeheron brought it to attention, noting that the it does not allow an attacker to transfer funds off of the layer 2 and back onto mainnet. This seemingly implies that it may not be possible for an attacker to successfully steal funds through the attack.
México Últimas Noticias, México Titulares
Similar News:También puedes leer noticias similares a ésta que hemos recopilado de otras fuentes de noticias.
Multisig wallets vulnerable to exploitation by Starknet apps, says developer SafeheronSafeheron said it is working with app developers to patch the vulnerability, and is making its protocol open source in mid-March to help further efforts to patch the issue.
Leer más »
Tonight Is Ho-Oh Raid Hour #1 In Pokémon GO: March 2023Which Pokemon should you Mega Evolve for tonight's Ho-Oh Raid Hour? Which Shadow Pokémon should you bring to the fight? These PokemonGO tips will make you an elite Trainer.
Leer más »
Today's Tucson weather forecast: March 8Get a glimpse of what the weather in Tucson will be like today and how it compares to previous years:
Leer más »
The Best Things To Do in Dallas, March 8–14The Dallas Mavericks are the coolest team in the NBA (obviously), but did you know that they claim the original male performance squad in the league? That’s right the Mavs ManiAACs are the hip-hop dance crew you love to see in the stands and on the floor busting moves and team colors.
Leer más »
Powell speech: We have not made any decision yet about March meetingFOMC Chairman Jerome Powell testifies on the Semi-annual Monetary Policy Report before the US House Financial Services Committee. Key quotes 'We have
Leer más »
AllSides News Briefing: March 8, 2023Good morning! Here's your balanced AllSides news briefing for today, March 8. - Carlson's Jan. 6 footage - Bipartisan push against TikTok - Media bias on Spotify? And much more:
Leer más »