According to developer Safeheron, multisig wallets are vulnerable to exploitation by Starknet applications
According to a March 9 press release from Safeheron, a developer of multi-party computation (MPC) wallets, certain multisignature (multisig) wallets can be exploited by Web3 applications built on the Starknet protocol. The vulnerability affects MPC wallets that interact with Starknet applications such as dYdX. According to the press release, Safeheron is working with app developers to fix the vulnerability.
According to Safeheron’s protocol documentation, MPC wallets are sometimes used by financial institutions and Web3 application developers to secure their proprietary cryptoassets. As with a traditional multisig wallet, each transaction requires multiple signatures. Unlike standard multisigs, however, they do not require special smart contracts to be deployed on the blockchain, nor do they need to be incorporated into the blockchain protocol.
Instead, these wallets generate “shards” of a private key, and each shard is held by a signer. The shards must be combined off-chain to produce a signature. Because of this difference, MPC wallets can incur lower gas fees than other types of multisigs and can be blockchain agnostic, according to the documents.
MPC wallets are often considered more secure than single-signature wallets, as attackers generally cannot crack them unless they compromise more than one device.
However, Safeheron claims to have discovered a security flaw that occurs when these wallets interact with Starknet-based applications such as dYdX and Fireblocks. When these apps receive a “stark_key_signature and/or api_key_signature,” they “can bypass security protections for private keys in MPC wallets,” the company said in a press release. This allows an attacker to place orders, perform Layer 2 transfers, cancel orders, and perform other unauthorized transactions.
Safeheron indicated that the vulnerability only leaks users’ private keys to the wallet provider. Therefore, as long as the wallet provider itself is not dishonest and has not been taken over by an attacker, the user’s money should be safe. However, it argued that this makes the user dependent on trust in the wallet provider. This could allow attackers to bypass the wallet’s security by attacking the platform itself, as the company explained:
“Interaction between MPC wallets and dYdX or similar dApps [decentralized applications] using signature-derived keys undermines the self-preservation principle of MPC wallet platforms. Customers may be able to bypass predefined transaction policies, and employees who leave the organization may still retain the ability to operate the dApp.”
The company said it is working with Web3 app developers Fireblocks, Fordefi, ZenGo and StarkWare to fix the vulnerability. dYdX also drew attention to the problem. In mid-March, the company plans to open source its protocol to further help app developers patch the vulnerability.
Cointelegraph attempted to contact dYdX but was unable to receive a response prior to publication.
Avihu Levy, head of product at StarkWare, told Cointelegraph that the company welcomes Safeheron’s attempt to raise awareness of the issue and help resolve it, stating:
“It’s great that Safeheron is creating an open source protocol that focuses on this challenge […] We encourage developers to address any security challenges that may arise with any integration, however limited. This includes the challenge just discussed.”
Starknet is a Layer 2 Ethereum protocol that uses zero-knowledge proofs to secure the network. When a user first connects to a Starknet application, a STARK key is generated for them with their regular Ethereum wallet. According to Safeheron, this process is what leaks the keys of MPC wallets.
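The following is an added, constructed model (not Safeheron’s, dYdX’s or StarkWare’s code) of the problem quoted above: an MPC wallet enforces its approval policy when it signs, but a dApp key derived from that signature is an ordinary single key that the policy never sees again. The n-of-n XOR sharing, the HMAC “signature” and the hash-based key derivation are stand-ins chosen for illustration; the real STARK key derivation differs.

```python
"""Why a signature-derived dApp key escapes an MPC wallet's policy (model)."""
import hashlib
import hmac
import secrets
from functools import reduce

N_SIGNERS = 3  # every signer must approve: the wallet's transaction policy


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_secret(secret: bytes, n: int) -> list:
    """Constructed n-of-n XOR sharing standing in for real MPC key shards."""
    shares = [secrets.token_bytes(len(secret)) for _ in range(n - 1)]
    return shares + [reduce(xor_bytes, shares, secret)]


def reconstruct(shares: list) -> bytes:
    return reduce(xor_bytes, shares)


def mpc_sign(shares: list, message: bytes, approvals: set) -> bytes:
    """Deterministic 'signature' produced only when the policy is satisfied."""
    if len(approvals) < len(shares):
        raise PermissionError("policy: not enough signer approvals")
    return hmac.new(reconstruct(shares), message, hashlib.sha256).digest()


def derive_dapp_key(signature: bytes) -> bytes:
    """dApp side: the L2 key is a pure function of the wallet's signature."""
    return hashlib.sha256(b"stark_key|" + signature).digest()


def sign_l2_order(dapp_key: bytes, order: bytes) -> str:
    """L2 orders are authorized by the derived key alone, no shards needed."""
    return hmac.new(dapp_key, order, hashlib.sha256).hexdigest()


def demo() -> tuple:
    shares = split_secret(secrets.token_bytes(32), N_SIGNERS)
    # Onboarding: all signers approve the one-off key-derivation message.
    sig = mpc_sign(shares, b"dApp onboarding", approvals={0, 1, 2})
    dapp_key = derive_dapp_key(sig)
    # A direct wallet transaction with one approval is blocked by policy...
    try:
        mpc_sign(shares, b"transfer 100 ETH", approvals={0})
        blocked = False
    except PermissionError:
        blocked = True
    # ...but anyone holding the signature re-derives the key and trades freely.
    rogue = sign_l2_order(derive_dapp_key(sig), b"sell 100 ETH")
    return blocked, rogue == sign_l2_order(dapp_key, b"sell 100 ETH")
```

Running `demo()` returns `(True, True)`: the wallet policy still gates direct transactions, while the derived key authorizes L2 orders with no signer involvement at all.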
In February, Starknet attempted to improve its security and decentralization by open-sourcing its instance.