Multisig wallets vulnerable to exploitation by Starknet apps, says developer Safeheron


The vulnerability allegedly allows Web3 apps utilizing the Starknet protocol to bypass the security protection of private keys in MPC wallets, potentially exposing users' private keys to wallet providers.


Certain multisignature (multisig) wallets can be exploited by Web3 apps that use the Starknet protocol, according to a March 9 press release provided to Cointelegraph by Multi-Party Computation (MPC) wallet developer Safeheron. The vulnerability affects MPC wallets that interact with Starknet apps such as dYdX. According to the press release, Safeheron is working with app developers to patch the vulnerability.

According to Safeheron’s protocol documentation, MPC wallets are sometimes used by financial institutions and Web3 app developers to secure crypto assets they own. Similar to a standard multisig wallet, they require multiple signatures for each transaction. But unlike standard multisigs, they do not require specialized smart contracts to be deployed to the blockchain, nor do they have to be built into the blockchain’s protocol.

Instead, these wallets work by generating “shards” of a private key, with each shard being held by one signer. These shards have to be joined together off-chain in order to produce a signature. Because of this difference, MPC wallets can have lower gas fees than other types of multisigs and can be blockchain agnostic, according to the docs.

MPC wallets are often seen as more secure than single-signature wallets, since an attacker generally can’t compromise them without compromising more than one device.

However, Safeheron claims to have discovered a security flaw that arises when these wallets interact with Starknet-based apps such as dYdX and Fireblocks. When these apps “obtain a stark_key_signature and/or api_key_signature,” they can “bypass the security protection of private keys in MPC wallets,” the company said in its press release. This can allow an attacker to place orders, perform layer 2 transfers, cancel orders, and engage in other unauthorized transactions.


Safeheron implied that the vulnerability only leaks the users’ private keys to the wallet provider. Therefore, as long as the wallet provider itself is not dishonest and has not been taken over by an attacker, the user’s funds should be safe. However, it argued that this makes the user dependent on trust in the wallet provider. This can allow attackers to circumvent the wallet’s security by attacking the platform itself, as the company explained:

“The interaction between MPC wallets and dYdX or similar dApps [decentralized applications] that use signature-derived keys undermines the principle of self-custody for MPC wallet platforms. Customers may be able to bypass pre-defined transaction policies, and employees who have left the organization may still retain the capability to operate the dApp.”

The company said that it is working with Web3 app developers Fireblocks, Fordefi, ZenGo, and StarkWare to patch the vulnerability. It has also made dYdX aware of the problem, it said. In mid-March, the company plans to make its protocol open source in an effort to further help app developers patch the vulnerability.

Cointelegraph has attempted to contact dYdX, but has been unable to get a response before publication.

Avihu Levy, Head of Product at StarkWare, told Cointelegraph that the company applauds Safeheron’s effort to raise awareness about the issue and to help provide a fix, stating:

“It’s great that Safeheron is open-sourcing a protocol focusing on this challenge [...] We encourage developers to address any security challenge that should arise with any integration, however limited its scope. This includes the challenge being discussed now.”

Starknet is a layer 2 Ethereum protocol that uses zero-knowledge proofs to secure the network. When a user first connects to a Starknet app, they derive a STARK key using their normal Ethereum wallet. It is this process that Safeheron says is resulting in leaked keys for MPC wallets.
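The policy-bypass described in Safeheron’s statement comes down to one point: a signature that an app turns into a key is itself key material, and a wallet policy that only gates transactions never sees it. The following added example (not code from Safeheron, StarkWare or dYdX) models this with a simplified, hypothetical hash-based derivation and a constructed derivation message; it shows a weak MPC signing policy beside a hardened one that applies the same approval threshold to key-derivation signatures.

```python
import hashlib
from dataclasses import dataclass

# Constructed sample: the message an app asks the wallet to sign in order to
# derive its STARK key. The real Starknet message and derivation differ; this
# is a simplified model (an assumption), not StarkWare's or Safeheron's code.
DERIVATION_MESSAGE = b"constructed-sample: StarkNet key derivation request"

def derive_stark_key(signature: bytes) -> int:
    """Simplified signature-derived key: whoever holds `signature` holds the key.
    No threshold of MPC shards is needed once the signature exists."""
    return int.from_bytes(hashlib.sha256(signature).digest(), "big")

@dataclass(frozen=True)
class SignRequest:
    kind: str       # "transaction" or "message"
    payload: bytes  # raw transaction bytes, or the message to sign
    approvals: int  # number of MPC signers that approved this request

def is_key_material_request(req: SignRequest) -> bool:
    """A message signature that an app will turn into a standalone key."""
    return req.kind == "message" and req.payload == DERIVATION_MESSAGE

def naive_policy_allows(req: SignRequest, threshold: int) -> bool:
    """Weak policy: only transactions are gated, so the derivation signature
    (and with it the derived key) leaves the MPC with no approval at all."""
    if req.kind == "transaction":
        return req.approvals >= threshold
    return True

def hardened_policy_allows(req: SignRequest, threshold: int) -> bool:
    """Corrected policy: key-derivation signatures are treated like
    transactions, because their output is equivalent to a private key."""
    if req.kind == "transaction" or is_key_material_request(req):
        return req.approvals >= threshold
    return True

if __name__ == "__main__":
    req = SignRequest("message", DERIVATION_MESSAGE, approvals=0)
    print("naive allows:", naive_policy_allows(req, threshold=2))        # True
    print("hardened allows:", hardened_policy_allows(req, threshold=2))  # False
```

The detection angle follows directly: log and alert on message-signing requests that match a known key-derivation pattern, since each one is effectively a key export.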
