apegurus/parity-multisig
skills/case-studies/parity-multisig/SKILL.md
Case study of the 2017 Parity Multisig Freeze: delegatecall + self-destruct exploit freezing ~$150M
research
Updated May 13, 2026
$ install --global
skillsauthnpx skillsauth add apegurus/solidity-argus parity-multisigInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 13, 2026, 3:20 AM122.9s1 file scanned
SKILL.md
- name:
- parity-multisig
- description:
- Detects use of selfdestruct, which can be used to destroy a contract and freeze funds if not properly protected.
- category:
- reference
- source_url:
- https://rekt.news/parity-rekt/
- source_license:
- CC0
- imported_at:
- 2025-02-20T00:00:00Z
- - regex:
- selfdestruct\(.*\)
- severity:
- High
<!-- Source: rekt.news (CC0) -->
<!-- Source: SunWeb3Sec/DeFiHackLabs (Reference) -->
Parity Multisig Freeze (2017)
Overview
In November 2017, a user accidentally triggered a vulnerability in the Parity Multisig wallet library contract. By calling an uninitialized initWallet function, the user became the owner of the library contract and subsequently called kill(), which executed selfdestruct. This froze approximately 513,000 ETH (worth ~$150M at the time) across 587 wallets that depended on this library.
Root Cause
The Parity Multisig wallets used delegatecall to execute logic from a shared library contract. However, the library contract itself was not initialized. This allowed any user to call the initWallet function on the library contract directly, making them the owner of the library. Once they were the owner, they could call the kill function, which contained a selfdestruct instruction.
Attack Flow
- A user (devops199) found the uninitialized library contract.
- The user called
initWallet()on the library contract, becoming its owner. - The user then called
kill()on the library contract. - The library contract executed
selfdestruct, removing its code from the blockchain. - All multisig wallets that used
delegatecallto this library now had no logic to execute, effectively freezing all funds held in them.
Impact
- Loss: ~$150M (513k ETH)
- Protocol: Parity Multisig
- Chain: Ethereum
- Date: 2017-11-06
Key Transactions
- Initialization tx:
0x05f5c113c130f928d4d0d261046c5511846909b77060ef6568bf9158ad312a06 - Kill tx:
0x47f7cff3ad8733831a0e273108ef239bb0d0657da3a4279b1d17ac2616a12487
Detection Heuristics
- Pattern 1: Uninitialized library contracts that contain sensitive functions like
selfdestructorinit. - Pattern 2: Use of
delegatecallto a contract that can be destroyed or modified by unauthorized users.
Remediation
- Fix 1: Initialize library contracts during deployment or use a constructor to disable initialization functions.
- Fix 2: Avoid using
selfdestructin library contracts. - Fix 3: Use static libraries or ensure the target of
delegatecallis immutable and properly initialized.
References
- rekt.news/parity-rekt/
- paritytech.io/blog/security-alert-heavy-update/
Related Skills
apegurus/vector-scan
testing
VerifiedTrustedCommunity
Specialist profile for mechanically applying the attack-vector deck and classifying vectors as skip, drop, or investigate.
SKILL.mdUpdated May 30, 2026
apegurus/periphery
tools
VerifiedTrustedCommunity
Specialist profile for libraries, helpers, base contracts, adapters, encoders, wrappers, and integration glue.
SKILL.mdUpdated May 30, 2026
apegurus/math-precision
testing
VerifiedTrustedCommunity
Specialist profile for rounding, scale, decimal, downcast, and arithmetic accounting edge cases.
SKILL.mdUpdated May 30, 2026
apegurus/invariant
testing
VerifiedTrustedCommunity
Specialist profile for extracting conservation laws and state couplings, then searching for violating paths.
SKILL.mdUpdated May 30, 2026