Topic: [ANN][LSK] Lisk | Blockchain Application Platform for JavaScript Developers - page 932. (Read 3074324 times)

Thoughts on The DAO Hack

The current language does not fulfill any of these commandments, and in fact, the last one, involving implicit recursive calls, is what did The Dao in.

http://hackingdistributed.com/2016/06/17/thoughts-on-the-dao-hack/

People don't write smart contracts on Lisk in JS. They either develop a blockchain with special transactions (e.g. to send a message), implement a back end function (e.g. to calculate a random number), or connect to/implement directly other services (e.g. to use smart contracts, oracles, storage).


Hello everyone,

It seems like I am currently in a zone of China with faster internet (I am sitting in the train), or I am just lucky. (I need a VPN to access e.g. BTT and it is usually unusable slow.)

I hope everything is fine. In times like these we need to unite and try to help each others. At this stage it is all about cryptocurrencies, blockchains and blockchain/decentralized apps. I wish the best for the Ethereum and TheDAO community.

i read this nice summary from Zer0Sum here: https://bitcointalksearch.org/topic/m.15257382

Just like a nuclear reactor, Ethereum is as safe as the quality of it's engineers...
And this is REALLY BAD news for LISK (and other platforms bolting on smart contracts)...
Who are floating the notion that random JS web coders can whip up safe smart contracts.

http://hackingdistributed.com/2016/06/17/thoughts-on-the-dao-hack/

Nah i dont think so , the recent turmoil has been over and partial funds are secured , moreover this recent turmoil made headlines and acted as publicity of Dao and i think they reached much to new investors and will be profited many folds than the loss that made during the glitch.

Not directly related to Lisk but a very(!) interesting article about the DAO-hack and Ethereum in general (also listing some weaknesses of ETH):

Thoughts on The DAO Hack

(...)

Is Ethereum/Solidity Suitable for Secure Smart Contracts?
It's clear that writing a robust, secure smart contract requires extreme amounts of diligence. It's more similar to writing code for a nuclear power reactor, than to writing loose web code.

Yet the current Solidity language and underlying EVM seems designed more for the latter. Some misfeatures are:

A good language for writing state machines would ensure that there are no states from which it is impossible to recover.
A good language for writing state machines would make it painfully clear when state transitions can and cannot happen.
A good language for maintaining state machines would provide features for upgrading the security of a live contract.
A good language for writing secure code would make it clear that there are no implicit actions, that code executes plainly, as read.
The current language does not fulfill any of these commandments, and in fact, the last one, involving implicit recursive calls, is what did The Dao in.

The SlockIt team even had the designer and implementor of Solidity perform a review of their code. If he cannot get something like The DAO to be secure, no one can.

A re-think seems called for.

(...)

http://hackingdistributed.com/2016/06/17/thoughts-on-the-dao-hack/


Edit: Another major issue is this:


(...)

The only reason the proposal exists at all is because the Ethereum developers have personally invested in the DAO, multiple posters have argued.

The conflict threatens to bring down the credibility of the entire currency. Not only was it possible to hack the system and move millions of dollars worth out of one of the currency's main backers – raising questions of its technical competence – but the developers have proposed intervening potentially for their own financial gain in the inner workings of the entire system – raising political questions over how it is run.

http://m.theregister.co.uk/2016/06/17/digital_currency_ethereum/

Nah i dont think so , the recent turmoil has been over and partial funds are secured , moreover this recent turmoil made headlines and acted as publicity of Dao and i think they reached much to new investors and will be profited many folds than the loss that made during the glitch.

Lisk should be benefiting from the recent ETH/DAO turmoil; what gives?

Lisk should be benefiting from the recent ETH/DAO turmoil; what gives?

Lisk should be benefiting from the recent ETH/DAO turmoil; what gives?

I didn't see that coming. I'm sure we'll see trust lost across the crypto world for awhile as a ripple effect.

Not directly related to Lisk but a very(!) interesting article about the DAO-hack and Ethereum in general (also listing some weaknesses of ETH):

Thoughts on The DAO Hack

http://hackingdistributed.com/2016/06/17/thoughts-on-the-dao-hack/

Not directly related to Lisk but a very(!) interesting article about the DAO-hack and Ethereum in general (also listing some weaknesses of ETH):

Thoughts on The DAO Hack

(...)

Is Ethereum/Solidity Suitable for Secure Smart Contracts?
It's clear that writing a robust, secure smart contract requires extreme amounts of diligence. It's more similar to writing code for a nuclear power reactor, than to writing loose web code.

Yet the current Solidity language and underlying EVM seems designed more for the latter. Some misfeatures are:

A good language for writing state machines would ensure that there are no states from which it is impossible to recover.
A good language for writing state machines would make it painfully clear when state transitions can and cannot happen.
A good language for maintaining state machines would provide features for upgrading the security of a live contract.
A good language for writing secure code would make it clear that there are no implicit actions, that code executes plainly, as read.
The current language does not fulfill any of these commandments, and in fact, the last one, involving implicit recursive calls, is what did The Dao in.

The SlockIt team even had the designer and implementor of Solidity perform a review of their code. If he cannot get something like The DAO to be secure, no one can.

A re-think seems called for.

(...)

http://hackingdistributed.com/2016/06/17/thoughts-on-the-dao-hack/





Edit: Another major issue is this:


(...)

The only reason the proposal exists at all is because the Ethereum developers have personally invested in the DAO, multiple posters have argued.

The conflict threatens to bring down the credibility of the entire currency. Not only was it possible to hack the system and move millions of dollars worth out of one of the currency's main backers – raising questions of its technical competence – but the developers have proposed intervening potentially for their own financial gain in the inner workings of the entire system – raising political questions over how it is run.

http://m.theregister.co.uk/2016/06/17/digital_currency_ethereum/