RE: Ethereum Voting on Restoring Parity Hack

in #ethereum, 7 years ago (edited)

Exactly my thought too.

Both in TheDAO and in the Parity case we can assume the bug in the contract code was made by accident, not by malice. There were quite some people doing peer review of TheDAO, but the bug was not discovered. If such accidental security bugs can sneak through undetected, then a malicious actor wanting to insert a backdoor and wanting to make it hidden should have a reasonably good chance to succeed at that.

What is the point with "smart contracts" if they cannot be trusted?

This very thought made me less convinced about the Ethereum project in the aftermath of TheDAO-hack, hence for quite a while I held no ethereum except what I had put into TheDAO.

It’s sadly the issue with a lot of products coming out in this space. Very young companies moving way too fast and getting massive evaluations. Everyone wants to be the next BTC and no one wants to miss the train either. That sadly comes at high costs like this and, even worse, giving governments ammunition to have resistance to such things. $300 million just going missing in a way most people won’t even have a clue about is enough to set off many alarm bells. Which is just creating further PR issues for this product and the entire space overall.

I’ve never touched ETH and never heard of any of the ICOs on this list. With how young these all are I’m going to guess having experts with 10,000 hours of experience is still difficult or nonexistent. Add in no one wants to sit too long on alpha/beta testing with how fast this space moves and people being fearful someone else will beat them to market. I’m rather shocked this is not happening more often. Reminds me of modern day gaming where it seems every product is being shipped needing day one patches because it was still not working hours before the final release.

One would hope the lowest common denominator would not be able to brick an entire system but things can easily become overlooked. People often don’t think in terms of that when testing as they already have way too much experience. Based on a screen of conversation that went down it appears smart contracts are not very smart. I’ve always felt the learning curve is a bit steep when people have to practice with real money that also can cause real dire consequences. Sounds like this person should be nowhere near an active system.

Do they even have a practice/demo setting for people to play with smart contracts? I’ll admit I know very little about this specific item. I guess it’s at least better it happening now than years down the road if it was never discovered. Who knows what else could be lurking in wait. I can only hope this causes a fair amount of resources being spent to assure the public it won’t ever happen again. Next time it’s doubtful to be such a small amount of $300 million and that is crazy.

My thought is that perhaps the "solidity" contract language is not well-enough thought through.

Bugs in games are one thing, but contracts need to be rock solid, easy to understand and easy to review.

When things like this happen multiple times, and even after code reviews, then it's too easy to just blame the contract authors.