You are viewing a single comment's thread from:

RE: I'm an Independent, Strong, Crypto-Dev who don't need no Security Audit!

in #steemit8 years ago
  1. Vitalik Buterin didn't invent Solidity, he invented EVM.
  2. Ethereum Foundation actually paid for a security audit. And, amazingly, the problem which hit The DAO was mentioned by the audit company. (But in the passing.)
  3. Formal verification can be incredibly expensive. Are you sure you aren't confusing Ethereum Foundation which got about $20M to play with with Intel which has $50B yearly revenue?
  4. Smart contract language research can take many years. Ethereum made a smart choice of standardizing EVM. New, better languages can be developed. They will be developed once more money will pour into the industry.
8 years ago in #steemit by
$0.41
  • Past Payouts $0.41
  • - Author $0.38
  • - Curators $0.02
3 votes
Reply 6
Sort:  
  • Trending
    • [-]
     8 years ago  

    And your second point is wrong. The security audit made no mentioned of the recusive call function.

    Hobbyists mentioned it in blogs.

    [-]
     8 years ago  

    Wrong. The LeastAuthority report reported "reentrancy hazards":

    the refund callback could make a new donation, triggering another refund cycle, potentially double-refunding the earlier contributions, or failing to refund later ones

    It is usually possible to protect against these hazards with careful state management

    The object-capability community addresses this class of hazards by using the "eventual-send" operation whenever possible

    They described exactly the problem which affected The DAO, and how to avoid it, and how to make language/VM resistant to such errors.

    $0.00
      Reply
      [-]
       8 years ago (edited) 

      $20M to play with. I don't know what world you inhabit. I inhabit a world where security researchers in dusty faculty buildings earn under $20,000.

      This piece was satirical, so the details aren't 100% but I hope you understand the general message.

      I don't care whether John, Mick or George invented Solidity. The Ethereum foundation created it, and my point still stands. There's tons of literature on formal languages no need to reinvent the wheel with a bullshit language.

      Smart contract language research is decades old (read nick szabo's '02 blogs for example, which cites older research)

      They have created no new unexplored field, just reinvented the wheel with half-baked pump material.

      $0.00
        Reply
        [-]
         8 years ago  

        You don't understand what you're talking about. Formal language is a language which has a grammar. Pretty much any programming language is a formal language.

        You probably meant formally-verifiable language. There are many ways to approach formal verification, none of them is general purpose. So it's still a question what kind of formal verification is needed for smart contracts.

        Contract languages are still a research subject. Again, they are still not general enough.

        $0.00
          Reply
          [-]
           8 years ago (edited) 

          Tbh I was sort of trolling, just skim read a reddit post on formal verification and jumped on the fud train

          $0.00
            Reply
            [-]
             8 years ago (edited) 

            The real DAO hacker agreed to an interview

            $0.00
              Reply