Tuesday, November 7, 2017

Safer smart contracting

Sorry Devops199, we know you didn't mean to destroy $300 million in ether.

https://motherboard.vice.com/en_us/article/ywbqmg/parity-multi-signature-wallet-vulnerability-300-million-hard-fork

I've posted before about how Ethereum takes risks in its design, although I'm usually thinking more about its use of cryptography. Well this particular $300 million issue was NOT a bug in Ethereum, it was a bug in a smart contract. One might say we should not blame Ethereum any more than we should blame Bitcoin for Mt. Gox. But on the other hand, Mt. Gox was possible because it wasn't using the blockchain to secure its funds, whereas those $300 million disappeared through the use of Ethereum-supplied smart contracting facilities, and I gather it affects users who hold their own private keys. This one was not a custodial risk issue. (Unless you count the coding itself.)

In the end I do not blame this on Ethereum, but I do think Ethereum should develop safeties and proveability in its contracting language.

No comments:

Post a Comment

Eltoo

This https://blockstream.com/eltoo.pdf