Certain multisig wallets built on multi-party computation (MPC) can be exploited by Web3 applications using the Starknet protocol, according to a March 9 press release provided to Cointelegraph by MPC wallet developer Safeheron. The vulnerability affects MPC wallets that interact with Starknet applications such as dYdX. According to the press release, Safeheron is working with application developers to fix the vulnerability.
According to Safeheron’s protocol documentation, financial institutions and Web3 application developers sometimes use MPC wallets to protect the crypto assets they hold. Just like a standard multisig wallet, they require multiple signatures for each transaction. But unlike standard multisigs, they do not require specialized smart contracts to be deployed on the blockchain, nor do they have to be integrated into the blockchain protocol.
Instead, these wallets work by generating “chunks” of a private key, with each chunk held by a signer. These fragments must be combined off-chain to produce a signature. Because of this difference, MPC wallets can have lower gas fees than other types of multisigs and can be blockchain agnostic, according to the documentation.
MPC wallets are often considered more secure than single-signature wallets, as an attacker generally cannot hack them unless more than one device is compromised.
However, Safeheron claims to have discovered a security flaw that arises when these wallets interact with Starknet-based applications such as dYdX and Fireblocks. When these apps “obtain a stark key signature and/or api key signature,” they can “bypass the security protection of private keys in MPC wallets,” the company said in its press release. This can allow an attacker to place orders, perform Layer 2 transfers, cancel orders, and engage in other unauthorized transactions.
Safeheron implied that the vulnerability only leaks users’ private keys to the wallet provider. Therefore, as long as the wallet provider is not rogue and has not been taken over by an attacker, the user’s funds should be safe. However, the company argued that this makes the user dependent on trust in the wallet provider. This can allow attackers to bypass the security of the wallet by attacking the platform itself, as the company explained:
“The interaction between MPC wallets and dYdX or similar dApps [decentralized applications] using signature-derived keys undermines the self-custody principle for MPC wallet platforms. Customers can bypass pre-defined transaction policies, and employees who have left the organization can still retain the ability to operate the dApp.”
The company said it is working with Web3 application developers Fireblocks, Fordefi, ZenGo and StarkWare to fix the vulnerability. It has also informed dYdX about the problem, the company said. In mid-March, the company plans to make its protocol open source in an effort to further help app developers patch the vulnerability.
Cointelegraph has attempted to contact dYdX, but has been unable to get a response prior to publication.
Avihu Levy, Head of Product at StarkWare, told Cointelegraph that the company applauds Safeheron’s attempt to raise awareness of the issue and help provide a solution, stating:
“It’s great that Safeheron is opening a protocol focused on this challenge[…]We encourage developers to address any security challenges that may arise with any integration, however limited in scope. This includes the challenge that is being discussed now.”
Starknet is a Layer 2 Ethereum protocol that uses zero-knowledge proofs to protect the network. When a user first connects to a Starknet application, they obtain a STARK key using their ordinary Ethereum wallet. It is this process that Safeheron says is resulting in leaked keys for MPC wallets.
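The structural problem described above, as an added toy example that is not Safeheron’s, dYdX’s or StarkWare’s code: key shares are combined only inside the wallet’s policy-checked signing step, but the signature over a fixed message is hashed into a long-lived application key that is then used outside the wallet, so the transaction policy and audit log are consulted only once. The XOR-combined shares, the HMAC stand-in for a signature and the derivation message are simplifying assumptions, not the real threshold-ECDSA or STARK-key math.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed toy policy: the MPC wallet refuses transfers above this amount.
POLICY = {"max_amount": 1_000}


@dataclass
class ToyMpcWallet:
    """Two key shares; the full key exists only transiently inside sign()."""
    share_a: bytes
    share_b: bytes
    audit_log: list = field(default_factory=list)

    def _full_key(self) -> bytes:
        # Stand-in for the MPC combination step (real wallets never do this).
        return bytes(x ^ y for x, y in zip(self.share_a, self.share_b))

    def sign(self, message: bytes, amount: int = 0) -> bytes:
        """Every signature request passes the policy and is logged."""
        if amount > POLICY["max_amount"]:
            raise PermissionError("blocked by transaction policy")
        self.audit_log.append(message)
        return hmac.new(self._full_key(), message, hashlib.sha256).digest()


def derive_app_key(wallet: ToyMpcWallet) -> bytes:
    # Hypothetical derivation: the dApp asks for one signature over a fixed
    # message (amount 0, so policy passes) and hashes it into its own key.
    sig = wallet.sign(b"constructed fixed login message", amount=0)
    return hashlib.sha256(sig).digest()


def dapp_sign_order(app_key: bytes, order: bytes) -> bytes:
    # Orders are signed with the derived key directly; the MPC wallet,
    # its policy and its audit log are never involved again.
    return hmac.new(app_key, order, hashlib.sha256).digest()


def policy_bypass_check(wallet: ToyMpcWallet, amount: int) -> dict:
    """Compare a large transfer routed through the wallet vs. the derived key."""
    order = f"transfer {amount}".encode()
    try:
        wallet.sign(order, amount=amount)
        blocked = False
    except PermissionError:
        blocked = True
    app_key = derive_app_key(wallet)
    signed = dapp_sign_order(app_key, order)
    return {"blocked_at_wallet": blocked, "signed_with_derived_key": len(signed) == 32,
            "wallet_audit_entries": len(wallet.audit_log)}
```

The same derived key is produced every time, so whoever obtained it once (a departed employee, or an attacker on the provider’s platform) keeps the ability to act without touching the wallet again.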
Starknet tried to improve its security and decentralization in February by opening its tester.