Powering the decentralized Web @ Parity Technologies
July 27, 2017 in
1 min read
A quick update on the status of Parity Ethereum client.
There is now a significant amount in our bug bounty program (many thanks to all contributors). As mentioned in a previous post, critical security bugs in the latest versions of Parity, both beta and stable branches, are valid targets for bounty-collecting reports. The multi-sig wallet, in particular, should be considered a prime target for review and any significant bug will attract a large proportion of the bounty. Any bugs found should be reported to [email protected].
Several minor changes have been made to the Parity multi-sig, mainly to enable compilation by later versions of Solidity. We understand the "white hat group" is using this code to return some of the funds they temporarily commandeered. After code reviews by many of our developers, there are no known issues. The bug bounty program is active and we have so far had no issues reported.
Though we try to be as thorough as a bleeding-edge software project can be, bugs sometimes creep into our codebase and, as recent events show, left unchecked these can have significant impacts in the wild. Older versions of Parity can have known bugs (generally mentioned in the release notes): if you are using Parity for anything of any significant value please do ensure that you are running the latest version to minimize the chances of any problems and establish procedures according to the value as risk.