You are viewing a single comment's thread from:
RE: I'm an Independent, Strong, Crypto-Dev who don't need no Security Audit!
- Vitalik Buterin didn't invent Solidity, he invented EVM.
- Ethereum Foundation actually paid for a security audit. And, amazingly, the problem which hit The DAO was mentioned by the audit company. (But in the passing.)
- Formal verification can be incredibly expensive. Are you sure you aren't confusing Ethereum Foundation which got about $20M to play with with Intel which has $50B yearly revenue?
- Smart contract language research can take many years. Ethereum made a smart choice of standardizing EVM. New, better languages can be developed. They will be developed once more money will pour into the industry.
And your second point is wrong. The security audit made no mentioned of the recusive call function.
Hobbyists mentioned it in blogs.
Wrong. The LeastAuthority report reported "reentrancy hazards":
They described exactly the problem which affected The DAO, and how to avoid it, and how to make language/VM resistant to such errors.
$20M to play with. I don't know what world you inhabit. I inhabit a world where security researchers in dusty faculty buildings earn under $20,000.
This piece was satirical, so the details aren't 100% but I hope you understand the general message.
I don't care whether John, Mick or George invented Solidity. The Ethereum foundation created it, and my point still stands. There's tons of literature on formal languages no need to reinvent the wheel with a bullshit language.
Smart contract language research is decades old (read nick szabo's '02 blogs for example, which cites older research)
They have created no new unexplored field, just reinvented the wheel with half-baked pump material.
You don't understand what you're talking about. Formal language is a language which has a grammar. Pretty much any programming language is a formal language.
You probably meant formally-verifiable language. There are many ways to approach formal verification, none of them is general purpose. So it's still a question what kind of formal verification is needed for smart contracts.
Contract languages are still a research subject. Again, they are still not general enough.
Tbh I was sort of trolling, just skim read a reddit post on formal verification and jumped on the fud train
The real DAO hacker agreed to an interview