top | item 14868819


heliumcraft | 8 years ago

Quite the exaggeration, this silly meme has to stop. You make it sound like writing even a hello world would have horrible vulnerabilities or something. There are thousands of perfectly safe contracts deployed, one can't take some isolated incidents and make such conclusions from such a small sample.

sillysaurus3|8 years ago

There are thousands of contracts where no vulnerabilities have been discovered yet. Mostly because there are larger targets to go after.

It's not true to say that something is secure just because it hasn't been broken yet.

I agree with your call for balance, but it's unnecessary to jump to the opposite extreme.

currymj|8 years ago

maybe not a hello world, but even very rudimentary 20 LoC contracts for, say, keeping account balances can have reentrancy vulnerabilities when written in the obvious way. so your customer could just give themselves an infinite balance.

i don't think it's impossible to write secure smart contracts but it takes quite a bit of care even for simple stuff.

there are many issues that arise because your functions might be called by an adversary who has set up the stack in an evil way.
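Added example, not part of the comment above or of any real contract: a toy Python model of the balance-keeping case it describes, with the "obvious" withdraw (pay out, then zero the balance) beside the reordered one (zero the balance, then pay out). The names Ledger, withdraw_unsafe, withdraw_safe and run are assumptions made for this sketch, and the receiver callback stands in for the external call that hands control to the recipient.

```python
# Toy model, constructed for illustration; it is not EVM code.
class Ledger:
    def __init__(self, deposits):
        self.balances = dict(deposits)        # credit recorded per account
        self.pool = sum(deposits.values())    # funds the contract actually holds
        self.paid = {}                        # total paid out per account

    def _send(self, who, amount, on_receive):
        # Models an external transfer: the receiver's code runs before we return.
        if amount > self.pool:
            raise RuntimeError("pool exhausted")
        self.pool -= amount
        self.paid[who] = self.paid.get(who, 0) + amount
        if on_receive:
            on_receive(self)

    def withdraw_unsafe(self, who, on_receive=None):
        amount = self.balances.get(who, 0)
        if amount == 0:
            return
        self._send(who, amount, on_receive)   # interaction first ...
        self.balances[who] = 0                # ... effect last: balance is stale during the call

    def withdraw_safe(self, who, on_receive=None):
        amount = self.balances.get(who, 0)
        if amount == 0:
            return
        self.balances[who] = 0                # effect first
        self._send(who, amount, on_receive)   # interaction last


def run(method_name, depth=3):
    """Withdraw for 'alice' with a receiver that calls back in up to depth-1 times."""
    ledger = Ledger({"alice": 10, "bob": 90})  # constructed sample deposits
    calls = {"n": 0}

    def reenter(l):
        if calls["n"] < depth - 1:
            calls["n"] += 1
            getattr(l, method_name)("alice", reenter)

    getattr(ledger, method_name)("alice", reenter)
    return ledger.paid["alice"], ledger.pool


if __name__ == "__main__":
    print("unsafe:", run("withdraw_unsafe"))
    print("safe:  ", run("withdraw_safe"))
```

With the unsafe ordering the account credited 10 is paid three times out of the shared pool; with the safe ordering the nested call sees a zero balance and returns.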

edjere|8 years ago

Agree with this, especially with the "it takes quite a bit of care even for simple stuff", but this should not discourage developers from doing so. One of the reasons to build this kind of infrastructure is to set proper standards for smart contract development, which are currently missing. As long as we are aware that we need to be careful, and we raise the quality of the code and keep on developing tools to improve development as a whole, things should keep on moving forward.