A hacker stole $31M of Ether — how it happened, and what it means for EthereumHat Tip to Delong, he tracks this stuff and is an implicit sandbox supporter.
A contract, read escrow instructions, had a default method that re-initialized the contract account with new signatures! Allowing bots to initialize accounts? Not allowed. But more importantly, the macro codes that are part of contracts cannot loop, really, at all. They should beck up the tree and try again until timeout, or some finite count.
Ripple did the right thing by being second in the escrow stuff. They looked at ethereum and abstracted just the few critical synchronization functions needed, then kept their contracts limited to spanning tree without real loops. That is why they are willing to freeze accounts, the equivalent of a timeout, enforcing the contract to a known stable state.
It is all part of developing the sandbox, we expected these kinds of layer miscues. Not a big deal, the market will focus on one central escrow router to serve everyone on an ad hoc basis.
No comments:
Post a Comment