Friday, July 21, 2017

Ethereum $30 million stolen - Why it really is a problem with Ethereum

"First, remember, this was not a flaw in Ethereum or in smart contracts in general. Rather, it was a developer error in a particular contract."
http://haseebq.com/a-hacker-stole-31m-of-ether/


Really?!   It's not a flaw in Ethereum?   Yes... it is!

Are Ethereum contracts based on the premise that only foolproof software developers should be writing contracts? No, I don't think so. We all know that no developer is foolproof. I believe it is based on the premise that developers should not write contracts where the value of the contract exceeds the minimum resources needed by other developers to exploit said contracts. Time for an analogy.





If I am looking for a way to protect money, I may buy a little plastic piggy safe for my son's change, a metal lock box for some spending cash and a fireproof solid steel safe bolted to the house for my gold and silver. The contents of each can be stolen and each provides reasonable protection for the value being protected by the safe.

After 15 years of software development I do trust my code, but I'm pretty sure with enough resources and motivation you can exploit it.   It turns out that the expenditure of resources to break and exploit some Ethereum contracts has been well worth it.  

We love the idea of Ethereum contracts, now what?

First of all, it's too new for these massively valuable contracts. It's like a hacker's dream waiting for these contracts while the value of Ethereum skyrockets.

In my view Ethereum needs a gate before any funds can be transferred via smart contracts. Developers are going to write buggy code. Signaling fund transfer and waiting a few days for execution gives everyone enough time to say, "Holy Shit, someone is about to steal the money!"

Now that leads to a second issue.  Ethereum needs a way to invalidate the smart contract when the above scenario is true.  

"Oh my, that violates the smart contract!"  Hey, this is ETH not ETC.   There is already a precedent for rolling back funds with ETH.  Time to bake it into the system since the creator of Ethereum already sanctioned the idea.

"Wait, You can just write that into your contract!"  I just told you that I didn't trust my code with that much money!
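The signal, wait and invalidate gate proposed above, modelled as a toy ledger in Python. This is an added illustration, not code from this post or from Ethereum; the class and method names, the 3-day delay, and the rule that funds are reserved at signal time are assumptions.

```python
from dataclasses import dataclass, field

DELAY_SECONDS = 3 * 24 * 3600  # assumption: "a few days" modelled as 3 days


@dataclass
class PendingTransfer:
    sender: str
    recipient: str
    amount: int
    executable_at: int
    state: str = "pending"  # pending -> executed | invalidated


@dataclass
class GatedLedger:
    """Toy ledger: a contract transfer is signalled first and settles later."""
    balances: dict
    queue: list = field(default_factory=list)

    def reserved(self, account):
        # Funds already promised to pending transfers cannot be queued twice.
        return sum(t.amount for t in self.queue
                   if t.sender == account and t.state == "pending")

    def signal(self, sender, recipient, amount, now):
        free = self.balances.get(sender, 0) - self.reserved(sender)
        if amount <= 0 or free < amount:
            raise ValueError("insufficient unreserved balance")
        self.queue.append(
            PendingTransfer(sender, recipient, amount, now + DELAY_SECONDS))
        return len(self.queue) - 1  # transfer id, visible to everyone watching

    def invalidate(self, transfer_id, now):
        # Only possible inside the waiting window. Who is allowed to call
        # this is a governance question the post leaves open.
        t = self.queue[transfer_id]
        if t.state != "pending" or now >= t.executable_at:
            return False
        t.state = "invalidated"
        return True

    def execute(self, transfer_id, now):
        t = self.queue[transfer_id]
        if t.state != "pending" or now < t.executable_at:
            return False  # too early, already settled, or invalidated
        self.balances[t.sender] -= t.amount
        self.balances[t.recipient] = self.balances.get(t.recipient, 0) + t.amount
        t.state = "executed"
        return True
```

The gate sits in the ledger rather than in any one contract, so a buggy contract can still signal a bad transfer but cannot settle it before the window closes.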

Ethereum is the problem and will continue to be a hacker's paradise until the system is made safer.






