This is why I am drooling over the concept of
Simplicity (PDF) for Bitcoin. A powerful smart-contracts DSL with formally verified properties, which is designed to support writing of formally verifiable contracts, is exactly what we need.
Oh yes. Solutions such as Simplicity are exactly why I give Bitcoin a better chance of survival than most of the alts. The academic work being done around Bitcoin is amazing. It might not be as flashy as the snakeoil that some of the alts are selling, but at least it has substance.
Not just that.
Bitgrail Shitgrail had 2 more bugs:
1) You were able to withdraw twice the amount when following this procedure:
- Request withdrawals
- Wait for email confirmation; Don't confirm.
- Request a second withdrawal (same amount)
- Wait for email confirmation; Click on the link and confirm
- Success. You just received 2 withdrawals
2) You were able to withdraw an amount you didn't have as balance:
- Request a withdrawal
- Realize the check for the maximum amount happens client-side instead of server-side
- Manipulate the javascript (yes, javascript.. WTF)
- Profit. You just withdrew a way bigger amount, leaving your balance on
Bitgrail Shitgrail at a negative amount
Those bugs don't happen by accident.
Such bugs appear when the coder has zero (really: ZERO) knowledge.
[...]
That reads less like bug descriptions and more like a checklist of what not to do. The second point -- not entrusting critical verification to client-side code -- is literally one of the first things that gets drummed into your head when learning web development.