Seeing how security and actual software engineering often come as an afterthought, instead of serving as a fundamental requirement, it comes as very little surprise to be honest. I guess that's the downside of the comparably low entry level when it comes to developing crypto-related software (as opposed to, say, traditional finance, military and aircraft applications).
Properly handling immutable, decentralized transactions is hard and mistakes are costly without recourse. Even more so when it comes to smart contracts. It seems like a lot of companies and developers haven't yet fully fathomed the implications of what processing irreversible scripts and transactions really means.
I mean...
There was a bug on Bitgrail where if you placed two orders you got double balance added to your account. You could then withdraw while the orders were up and steal the coins. You had negative balance in the end but you could just make a new account.
What the. Actual. Fuck. That would be bad enough in traditional finance or actually any online application that handles money. But in crypto such a bug becomes fatal.
The cryptocurrency most commonly associated with catastrophic bugs is Ethereum. That's not due to its underlying code, but on account of the smart contracts that can be built on top of the Ethereum framework.
Here's the next thing. Granted, if Solidity were more strict and rigorous its developer base would likely be much, much smaller. Nonetheless I'd argue that such strictness would be required to allow somewhat reliable smart contracts. With Solidity it may not be a code issue, but it's definitely a design issue. I don't follow Ethereum all that much, so I might be missing parts of the big picture, but what I always ask myself is: If blockchain veterans such as the Ethereum development team are unable to design a sound smart contract platform, how can we expect blockchain rookies -- which is what most of us are, given how young crypto is -- to implement reliable smart contracts on that very same platform?
Sorry if this post comes off as ranty, I guess irresponsible code just kind of grinds my gears.