Another day, another cryptocurrency clusterfuck



  • Yesterday, a hacker pulled off the second biggest heist in the history of digital currencies.
    Around 12:00 PST, an unknown attacker exploited a critical flaw in the Parity multi-signature wallet on the Ethereum network, draining three massive wallets of over $31,000,000 worth of Ether in a matter of minutes. Given a couple more hours, the hacker could’ve made off with over $180,000,000 from vulnerable wallets.
    But someone stopped them.
    Having sounded the alarm bells, a group of benevolent white-hat hackers from the Ethereum community rapidly organized. They analyzed the attack and realized that there was no way to reverse the thefts, yet many more wallets were vulnerable. Time was of the essence, so they saw only one available option: hack the remaining wallets before the attacker did.
    By exploiting the same vulnerability, the white-hats hacked all of the remaining at-risk wallets and drained their accounts, effectively preventing the attacker from reaching any of the remaining $150,000,000.


    A key part of Ethereum is "smart contracts", small programs you write to process funds.
    Looking at the languageabomination that is used to write these smart contracts shows some gifted designers at work:

    Everything is 256 bits wide, including the "byte" type. This means that whilst byte[] is valid syntax, it will take up 32x more space than you expect. Storage space is extremely limited in Solidity programs. You should use "bytes" instead which is an actual byte array. The native 256-bit wide primitive type is called "bytes32" but the actual 8-bit wide byte type is called "int8".

    For loops are completely broken. Solidity is meant to look like JavaScript but the literal 0 type-infers to byte, not int. Therefore "for (var i = 0; i < a.length; i ++) { a[i] = i; }" will enter an infinite loop if a[] is longer than 255 elements, because it will wrap around back to zero. This is despite the underlying VM using 256 bits to store this byte. You are just supposed to know this and write "uint" instead of "var".

    Source: https://news.ycombinator.com/item?id=14691212

    All state is mutable by default (this includes struct fields, array elements, and locals). Functions can mutate state by default. Both are overridable by explicit specifiers, much like C++ "const", but you have to remember to do so. Even then, the current implementation doesn't enforce this for functions.

    Operators have different semantics depending on whether the operands are literals or not. For example, 1/2 is 0.5, but x/y for x==1 and y==2 is 0. Precision of the operation is also determined in this manner - literals are arbitrary-precision, other values are constrained by their types.

    The language has suffixes for literals to denote various units (e.g. "10 seconds" or "1000 ether"). This is purely syntactic sugar, however, and is not reflected in the type system in any way, so "10 second + 1000 ether" is valid code.

    Source: https://news.ycombinator.com/item?id=14810008

    Types shorter than 32 bytes are packed together into the same 32 byte storage slot, but storage writes always write 32 bytes. For some types, the higher order bytes were not cleaned properly, which made it sometimes possible to overwrite a variable in storage when writing to another one.

    Source: https://kovan.etherscan.io/solcbuginfo


  • Discourse touched me in a no-no place

    @dcoder said in Another day, another cryptocurrency clusterfuck:

    A key part of Ethereum is "smart contracts", small programs you write to process funds.

    Random users are writing and sending around programs to handle money? Crikey! There's no way that could possibly go wrong…


  • sockdevs

    @dkf and doing so in a literal contender for new worst language ever! Finally PHP is looking so much better :laughing:


  • area_pol

    This is completely the wrong approach for smart contracts.
    The idea behind a contract is that people agree on something and codify their agreement.
    Both parties should understand the contract, otherwise the side that does not understand it can be exploited.
    We already have this problem with excessively long and complex real-world contracts, with unclear language and fine prints.
    Ethereum replaces that with a code, which is notoriously difficult for people to read and understand.
    If an Ethereum contract does not even do what its creator wants it to do, how can a customer of the contract have trust in it?

    It maybe could work is it was build of a predefined set of high-level blocks, like exchange tokens A for tokens B at rate R or people holding tokens V vote on a choice from (these alternatives.



  • @dcoder BTW "hack" is a bad word for this.

    The whole point of the Etherium "smart contracts" is that the software defines what happens. The program is the sole commander of the wallet whose decisions can not be questioned or rolled-back.

    They wrote software that let any random dude control those wallets. There was no hack. Now, they probably didn't intend to publish the program in that way, but by the ethics of their own community no hacking was involved, and the contract they wrote was followed to the letter. (By both the original stealer, and the other people who "fixed" it by pre-emptively stealing the rest.)


    The funny thing is apparently this horrible JS-abomination language is actually written atop a pretty competent virtual machine. At least, no flaws have been found in the VM itself yet, only in the horrible moronic language they made to compile to it.

    This also means less moronic languages can be made to target the same VM in the future. But I'd never put a cent of mine in a "smart contract" regardless, such a terrible idea.


  • area_pol

    @blakeyrat said in Another day, another cryptocurrency clusterfuck:

    Now, they probably didn't intend to publish the program in that way, but by the ethics of their own community no hacking was involved, and the contract they wrote was followed to the letter.

    They used to claim that, but then came the DAO hack and the amount of money stolen was big enough that the devs decided to fork the chain and undo the hacker's operation.

    So: these are the rules, but if you are rich they don't apply to you.


  • sockdevs

    @adynathos said in Another day, another cryptocurrency clusterfuck:

    So: these are the rules, but if you are rich they don't apply to you.

    Ah, just like real life </satire>


  • Impossible Mission Players - A

    @dcoder said in Another day, another cryptocurrency clusterfuck:

    Everything is 256 bits wide, including the "byte" type. This means that whilst byte[] is valid syntax, it will take up 32x more space than you expect. Storage space is extremely limited in Solidity programs. You should use "bytes" instead which is an actual byte array. The native 256-bit wide primitive type is called "bytes32" but the actual 8-bit wide byte type is called "int8".

    JonTron: WHAT. WHAT THE FUCK? – 00:04
    — ZoruaPaul



  • @dcoder said in Another day, another cryptocurrency clusterfuck:

    the hacker could’ve made off with over $180,000,000 from vulnerable wallets

    TRWTF is it being valued at 180M


  • sockdevs

    @wharrgarbl said in Another day, another cryptocurrency clusterfuck:

    @dcoder said in Another day, another cryptocurrency clusterfuck:

    the hacker could’ve made off with over $180,000,000 from vulnerable wallets

    TRWTF is it being valued at 180M

    I imagine it isn't anymore.......



  • @accalia Don't underestimate the willingness of some people to part with their money:


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.