Multisig wallets vulnerable to exploitation by Starknet apps, says developer Safeheron

Certain multi-signature (multisig) wallets can be exploited by Web3 apps using the Starknet protocol, according to a March 9 press release provided to Cointelegraph by Multi-Party Computation (MPC) wallet developer Safeheron. The vulnerability affects MPC wallets that interact with Starknet apps such as dYdX. According to the press release, Safeheron is working with app developers to patch the vulnerability.
According to Safeheron’s protocol documentation, MPC wallets are sometimes used by financial institutions and Web3 app developers to secure crypto assets they own. Like a standard multisig wallet, they require multiple signatures for each transaction. However, unlike standard multisigs, they do not require specialized smart contracts to be deployed to the blockchain, nor do they need to be built into the blockchain’s protocol.
Instead, these wallets work by splitting the private key into “shards” (key shares), with each share held by one signatory. The shares are used jointly in an off-chain signing protocol that outputs an ordinary single signature; the full private key is never reconstructed on any one device. Because the chain only ever sees a standard signature, MPC wallets can have lower gas fees than other types of multisigs and can be blockchain agnostic, according to the documents.
MPC wallets are often seen as more secure than single-signature wallets, since an attacker usually cannot sign on their behalf without compromising enough of the signatories’ devices to reach the signing threshold.
However, Safeheron claims to have discovered a security flaw that occurs when these wallets interact with Starknet-based apps such as dYdX. Such apps ask the wallet for a one-off signature and derive a separate key from it. When these apps “obtain a stark_key_signature and/or api_key_signature,” they can “bypass the security protections of private keys in MPC wallets,” the company said in its press release. Once derived, that key lives outside the MPC wallet and its transaction policies, so whoever holds it could place orders, perform Layer 2 transfers, cancel orders, and engage in other unauthorized transactions.
Safeheron suggested that the vulnerability only leaks the user’s derived keys to the wallet provider. Therefore, as long as the wallet provider itself is not dishonest and has not been taken over by an attacker, the user’s funds should be safe. However, it argued that this makes the user dependent on trusting the wallet provider, which is exactly the dependence an MPC wallet is supposed to remove. It could also allow attackers to bypass the wallet’s security by attacking the platform itself, as the company explained:
“The interaction between MPC wallets and dYdX or similar dApps [decentralized applications] which use signature-derived keys undermines the principle of self-storage for MPC wallet platforms. Customers may be able to bypass pre-defined transaction policies, and employees who have left the organization may still retain the ability to operate the dApp.”
The company said it is working with MPC wallet providers Fireblocks, Fordefi and ZenGo, and with Starknet developer StarkWare, to patch the vulnerability. It has also made dYdX aware of the problem, it says. In mid-March, the company plans to open-source its protocol for the issue in an effort to further help app developers patch the vulnerability.
Cointelegraph has attempted to contact dYdX but was unable to receive a response prior to publication.
Avihu Levy, Product Manager at StarkWare, told Cointelegraph that the company applauds Safeheron’s efforts to raise awareness of the issue and help solve the problem, saying:
“It’s great that Safeheron is opening a protocol that focuses on this challenge[…]We encourage developers to address any security challenge that should arise with any integration, no matter how limited in scope. This includes the challenge being discussed now.”
Starknet is a layer 2 Ethereum protocol that uses zero-knowledge proofs to secure the network. When a user first connects to a Starknet app, the app asks their regular Ethereum wallet to sign a fixed message and uses that signature as the seed for a STARK key. Because the derivation is deterministic, anyone who obtains the signature can recompute the same key, and the key then exists as a plain single key outside the MPC wallet’s signing threshold and policy checks. It is this process that Safeheron says results in leaked keys for MPC wallets.
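The control-flow problem above, as an added illustration that is not code from Safeheron, StarkWare or dYdX: a toy MPC wallet gates every signing request behind a policy, but once the dApp has the one key-derivation signature, the derived STARK key signs Layer 2 orders the wallet never sees. The wallet’s ECDSA signature is replaced by an HMAC, the real derivation by a SHA-256 hash of the signature, the STARK curve order by a stand-in modulus and the EIP-712 message by a made-up byte string; all of these are assumptions chosen to keep the example stdlib-only.

```python
import hashlib
import hmac

# Stand-in modulus for reducing the derived scalar; NOT the real STARK curve order.
MODULUS = 2**251 + 17 * 2**192 + 1

# Constructed stand-in for the fixed message a dApp asks the wallet to sign once.
KEY_DERIVATION_MESSAGE = b"constructed STARK key derivation message"


class MpcWallet:
    """Toy MPC wallet: a policy engine in front of a signing oracle.

    The HMAC stands in for the threshold ECDSA signature the real shares would
    produce jointly; the policy is the part that matters for this example.
    """

    def __init__(self, secret: bytes, allowed_prefixes: tuple):
        self._secret = secret          # stands in for the distributed key shares
        self.allowed = allowed_prefixes
        self.log = []                  # every request the policy engine saw

    def sign(self, message: bytes) -> bytes:
        self.log.append(message)
        if not any(message.startswith(p) for p in self.allowed):
            raise PermissionError(f"policy rejects: {message!r}")
        return hmac.new(self._secret, message, hashlib.sha256).digest()


def derive_stark_key(signature: bytes) -> int:
    """Deterministic derivation: anyone holding the signature gets the same key."""
    return int.from_bytes(hashlib.sha256(signature).digest(), "big") % MODULUS


def sign_l2_order(stark_key: int, order: bytes) -> bytes:
    """Signs an L2 order with the derived key; no wallet policy is consulted."""
    return hmac.new(stark_key.to_bytes(32, "big"), order, hashlib.sha256).digest()


def demo() -> dict:
    wallet = MpcWallet(b"constructed-secret", allowed_prefixes=(KEY_DERIVATION_MESSAGE,))

    # The dApp requests the one-off key-derivation signature; policy allows it.
    sig = wallet.sign(KEY_DERIVATION_MESSAGE)
    stark_key = derive_stark_key(sig)

    # The policy engine blocks a transfer request that goes through the wallet...
    try:
        wallet.sign(b"transfer 100 ETH to 0xattacker")
        blocked = False
    except PermissionError:
        blocked = True

    # ...but the derived key signs an L2 transfer without the wallet ever seeing it.
    l2_sig = sign_l2_order(stark_key, b"L2 transfer 100 ETH to 0xattacker")

    return {
        "policy_blocked_wallet_transfer": blocked,
        "l2_transfer_signed_outside_policy": len(l2_sig) == 32,
        # Whoever kept `sig` (dApp frontend, provider, former employee) recomputes the key.
        "key_recomputable_from_signature": derive_stark_key(sig) == stark_key,
        "wallet_saw_l2_order": any(b"L2" in m for m in wallet.log),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point the run makes is that the MPC wallet’s threshold and policy only protect the Ethereum key; the STARK key derived from its signature is a conventional single secret, and revoking a signer’s share does nothing to revoke a copy of that derived key.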
In February, Starknet moved to open-source its code in a bid to improve security and decentralization.