Topic: Bad Code Has Lost $500M of Cryptocurrency in Under a Year - page 2. (Read 1195 times)

copper member
Activity: 630
Merit: 2610
If you don’t do PGP, you don’t do crypto!
Hi Nullius, thank you for your very blunt and honest answer.  I appreciate it.  

I'm going to start learning Simplicity ASAP.  

If anybody else here knows of any resources of how to best learn it, it'd be greatly appreciated.

I’m happy to help.

As I said in my post, Simplicity is still in the research stages.  I linked to the original Simplicity paper (PDF) in one of my earlier posts in this thread.  Per the whole subject of this thread, doing things right takes time!  A formally verifiable domain-specific language needs serious R&D work.  This is the stuff of heavy-duty computer science; it is not something which can be slapped together overnight.

I think if you read the paper, you’ll be as impressed as I am.

Note that anything in the research stage does not have guaranteed results.  I think the concepts look sound, insofar as I am able to understand.  The hard maths of provable code exceed my own level of education (not only in Simplicity).  Yet if you walk through the paper, I think you’ll find the general shape of Simplicity not difficult to grasp.  It’s called “Simplicity” for a(t least one) good reason:  It’s designed to provide a foundation which will be simple to use for building powerful smart contracts (never mind the R&D to get to that point).  The people working on it do have a track record of delivering results.  I look forward to seeing how this develops.
newbie
Activity: 13
Merit: 1
As a general rule, good programmers can write good code in whatever language they happen to use; and bad programmers will write bad code in any language they try.  Moreover, no formulaic technique will turn idiots who don’t know what they’re doing into software engineers.

Hi Nullius, thank you for your very blunt and honest answer.  I appreciate it.  

I'm going to start learning Simplicity ASAP.  

If anybody else here knows of any resources of how to best learn it, it'd be greatly appreciated.

Thanks in advance!
Z
copper member
Activity: 2870
Merit: 2298

A lot of good reasons to stick with Bitcoin, esp. Core and keep running full nodes and I also would trust smart contracts a lot more, if they would be based on the Bitcoin blockchain than on any other shitchain.  In my opinion ALL of the > 1000 Alts are rather the result of missed financial/fame opportunities than a real technological progress.
I don’t think this would solve the problem that caused these losses. Bitcoin core doesn’t have any functionality that keeps track of user balances that are separate and distinct from wallet balances.

To my knowledge, these companies were tricked into signing transactions for amounts larger than they should have. I don’t believe there were any issues with the wallet software in that the wallet behaved as it should have — the wallet software did not think deposits were received that never confirmed and signed transactions as instructed.

I think the root cause of this is bad business practices. Notwithstanding poor implementation of verifying account balances (and similar) these companies either held way too much money in their hot wallet, did not verify DB balances matched blockchain balances (within a reasonable variance), did not investigate the root cause of overdrafts and/or a combination of the above prior to topping off the hot wallet.
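
The three checks listed in the post above (overdrafts, database-versus-blockchain reconciliation, hot-wallet exposure), written as a gate that runs before any top-off. This is an added example, not code from the thread or from any exchange; the function name, field names, and sample figures are constructed, and `ledger` is assumed to hold the per-account balances from the exchange database.

```javascript
// Added example; every name and number is constructed for illustration.
// Amounts are BigInt counts of the coin's smallest unit, never floats.
function preTopOffCheck({ ledger, hotWallet, coldWallet, topOff, hotWalletCap, tolerance }) {
  const reasons = [];

  // 1. Overdrafts: a negative account means coins already left without
  //    backing. Find the cause before sending more coins to the hot wallet.
  const overdrawn = Object.entries(ledger)
    .filter(([, balance]) => balance < 0n)
    .map(([id]) => id);
  if (overdrawn.length > 0) {
    reasons.push(`overdrawn accounts: ${overdrawn.join(', ')}`);
  }

  // 2. Reconciliation: what the database says is owed to customers versus
  //    what the chain says the wallets hold. Negative balances are not
  //    counted as assets, since an overdrawn user can simply walk away.
  const owed = Object.values(ledger).reduce((sum, b) => sum + (b > 0n ? b : 0n), 0n);
  const held = hotWallet + coldWallet;
  const gap = owed > held ? owed - held : held - owed;
  if (gap > tolerance) {
    reasons.push(`ledger owes ${owed} but wallets hold ${held} (gap ${gap})`);
  }

  // 3. Exposure: cap what a single compromise of the hot wallet can cost.
  if (hotWallet + topOff > hotWalletCap) {
    reasons.push(`top-off would put ${hotWallet + topOff} in the hot wallet, cap is ${hotWalletCap}`);
  }

  return { allowed: reasons.length === 0, reasons, overdrawn, owed, held };
}

// Constructed sample states, not real exchange data.
function runSamples() {
  const limits = { hotWalletCap: 200n, tolerance: 5n };
  const healthy = preTopOffCheck({
    ledger: { 'acct-1': 500n, 'acct-2': 300n },
    hotWallet: 100n, coldWallet: 700n, topOff: 50n, ...limits,
  });
  // The hot wallet keeps running dry and one account is deep in the red.
  const drained = preTopOffCheck({
    ledger: { 'acct-1': 500n, 'acct-2': 300n, 'acct-3': -400n },
    hotWallet: 10n, coldWallet: 390n, topOff: 150n, ...limits,
  });
  // Books balance, but the requested top-off exceeds the exposure cap.
  const overCap = preTopOffCheck({
    ledger: { 'acct-1': 500n, 'acct-2': 300n },
    hotWallet: 100n, coldWallet: 700n, topOff: 150n, ...limits,
  });
  return { healthy, drained, overCap };
}
```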
copper member
Activity: 630
Merit: 2610
If you don’t do PGP, you don’t do crypto!
Seeing how security and actual software engineering often comes as an afterthought, instead of serving as a fundamental requirement, it comes to very little surprise to be honest. I guess that's the downside of the comparably low entry level when it comes to developing crypto related software (as opposed to, say, traditional finance, military and aircraft applications).

Properly handling immutable, decentralized transactions is hard and mistakes are costly without recourse. Even moreso when it comes to smart contracts. It seems like a lot of companies and developers haven't yet fully fathomed the implications of what processing irreversible scripts and transactions really means.


Do you think certain practices such as TDD/pair programming/ and certain languages such as using a functional like Haskell/Lisp/F#/Clojure/Elixir/Erlang would've prevented these types of situations to begin with?  While anybody working with the web HAS to be proficient at JS, due to bugs from mutable state and potential tight coupling, I've really been reluctant to dive deep into C++/Python/(anything JS related Node/Solidity) when by just using another language, all of these potential threats are mitigated by default of the language.

As a general rule, good programmers can write good code in whatever language they happen to use; and bad programmers will write bad code in any language they try.  Moreover, no formulaic technique will turn idiots who don’t know what they’re doing into software engineers.

Bitcoin Core is the gold bitcoin standard for reliable Bitcoin software.  It is written (primarily) in C++.  Programmers such as gmaxwell, sipa, and others who write excellent code for this project have no need to switch to another language, unless they find technical reasons which would make another language a better tool for the job.  Also, they have no need to be taught “certain practices”—whatever they do, it is evidently working.

I myself write in C.  In my experience, one ready means for me to find a fool who has scant, shallow understanding of technology is to wait for someone to give me a popular speech about “memory-safe languages”, or whatever.

On the flipside, the idiots who created the software disasters in this thread could have been writing in pure Haskell—they still would have created disasters!  Morons who even think of using client-side validation code for financial transactions are innately incapable of writing good code.

There is no magic bullet for creating the software engineering of which HeRetiK speaks.  And those who believe that the former exists, will never do the latter.

One exception to the aforestated general rule is such a thing as smart-contract code which lives on the blockchain.  That code must be absolutely free of bugs—including as of compiler bugs, etc., which can undermine even perfectly-written code.  For any relatively complicated program, the only means to guarantee bug-free code is to mathematically verify its properties.  That is why I am so excited about the Bitcoin Simplicity research, as discussed above; but that is still in the early research stages.

Plus, as you mentioned, people would be in jail for losing large amounts of money, the potential liability a company has, to me at least, makes this a no-brainer.

I think the first step is for people to stop grabbing onto crypto-nonsense, from fly-by-nights who bang out shoddy code for Bitcoin, to ICOs of any kind.  There is an incentive to write awful quality code, when people actually buy into it.  As LoyceV observed only a few posts ago:

Seeing how security and actual software engineering often comes as an afterthought, instead of serving as a fundamental requirement
Well said! PR is everything, create a token, a website, and a story, and people throw tens of millions of dollars at you!
Only a very small share of all cryptocurrencies put development first. Then again, it makes sense for the majority to only join crypto for quick cash. I'm really curious what will be the next phase in money grabbing, now that we've seen shitcoins, Token sales and hard forks.


(P.S.:  Please trim your quotes.  Thanks.)
newbie
Activity: 13
Merit: 1
Seeing how security and actual software engineering often comes as an afterthought, instead of serving as a fundamental requirement, it comes to very little surprise to be honest. I guess that's the downside of the comparably low entry level when it comes to developing crypto related software (as opposed to, say, traditional finance, military and aircraft applications).

Properly handling immutable, decentralized transactions is hard and mistakes are costly without recourse. Even moreso when it comes to smart contracts. It seems like a lot of companies and developers haven't yet fully fathomed the implications of what processing irreversible scripts and transactions really means.


I mean...

Quote
“There was a bug on Bitgrail where if you placed two orders you got double balance added to your account. You could then withdraw while the orders were up and steal the coins. You had negative balance in the end but you could just make a new account.”

What the. Actual. Fuck. That would be bad enough in traditional finance or actually any online application that handles money. But in crypto such a bug becomes fatal.



Quote
The cryptocurrency most commonly associated with catastrophic bugs is ethereum. That’s not due to its underlying code, but on account of the smart contracts that can be built on top of the ethereum framework.

Here's the next thing. Granted, if Solidity were more strict and rigorous its developer base would likely be much much smaller. Nonetheless I'd argue that such strictness would be required to allow somewhat reliable smart contracts. With Solidity it may not be a code issue, but it's definitely a design issue. I don't follow Ethereum all that much, so I might be missing parts of the big picture, but what I always ask myself is: If blockchain veterans such as the Ethereum development team is unable to design a sound smart contract platform, how can we expect blockchain rookies -- which is what most of us are, given how young crypto is -- to implement reliable smart contracts on that very same platform?

Sorry if this post comes off as ranty, I guess irresponsible code just kind of grinds my gears.

I wholeheartedly agree with you.  I couldn't believe that there was apparently a client-side JavaScript exploit on that Bitgrail exchange, where that was the only check it had to verify an account's balance!?!  Seriously, code that runs in someone's web browser, wtf?  That type of foolishness wouldn't make the cut for a web game, to say nothing of financial transactions of real value.

In my view, best-practices standards are needed for security and code audits.  There are many attempts at this out there, it needs to be pulled together, structured and maintained like RFC or BIP standards are, and proliferated through the field.  Especially considering we are dealing with a rapidly evolving technology, these standards need to be maintained on an ongoing basis.  I know the steps I take to lock down a server today in 2018 are different in quite a few ways than they were in 2014, for example.

My organization is going to be looking at this issue because it's a real problem that needs some coordinated focus.  We're conducting our launch fundraiser right now with an Ethereum ERC20 token, but I have real concerns with the stability of that platform moving forward.  A deep dive is in order with some consultations with the gurus before I make any long-term decision I'll live to regret on platforms.  In some ways it's a shame, the Ethereum platform does seem good "on paper", but has some real flaws that need to be met before I would place the kind of trust in it that you do to a financial institution.

If a bank lost $500M in a year, people would be in jail!  (Well, maybe not here in the U.S., but only because the banks own our government [for now]).  But who would bank with a company that was so careless with funds it has custodial control over?

I might sound ranty back, but it's only because it's so outrageous.

Best regards,
Ben

Do you think certain practices such as TDD/pair programming/ and certain languages such as using a functional like Haskell/Lisp/F#/Clojure/Elixir/Erlang would've prevented these types of situations to begin with?  While anybody working with the web HAS to be proficient at JS, due to bugs from mutable state and potential tight coupling, I've really been reluctant to dive deep into C++/Python/(anything JS related Node/Solidity) when by just using another language, all of these potential threats are mitigated by default of the language.

Plus, as you mentioned, people would be in jail for losing large amounts of money, the potential liability a company has, to me at least, makes this a no-brainer. 

This thread is just another reminder of how important clean code principles are. 

Z
copper member
Activity: 630
Merit: 2610
If you don’t do PGP, you don’t do crypto!
This needs to be in a stickied FAQ somewhere:

Just my 2 Satoshis: I've disliked Ethereum ever since their one Unique Selling Point ("code is law" for smart contracts) got thrown out of the window after The DAO failed so hard they had to abandon their core principles and hardfork to get their money back. It proved that smart contracts are worthless if you don't understand them, which makes them worthless for almost everybody. In the case of The DAO, even the developers didn't understand the code, the only person who understood it was called "the attacker". Ironic!

In the abstract, what the so-called “attacker” did was no different than a smart lawyer finding a gaping loophole in a contract.  It was fully authorized use of a computer network in the exact manner which the network was declared to be intended.  Per the legally binding terms of the DAO:  “The terms of The DAO Creation are set forth in the smart contract code existing on the Ethereum blockchain at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413.  Nothing in this explanation of terms or in any other document or communication may modify or add any additional obligations or guarantees beyond those set forth in The DAO’s code.”

Following those terms was not an “attack”.  It most certainly was not a “theft”!  It was only the fully foreseeable result of declaring that “code is law”, and then writing low-quality code-law with unknown, unverifiable properties.  If you dare do that because you want a flashy media event with bucketloads of investor money suddenly pouring in, then prepare yourself for your doom by meditating on the cosmic (and comic) inevitable consequences:


This is why I am so enamoured with the Bitcoin Simplicity concept, which I linked to above.  It is serious research with the goal of producing mathematically provable contracts.  We need advanced smart contracts which have no code-loopholes, just as verifiably as “2+2=4” has no loopholes.  For in Bitcoin, code truly is law.  In Bitcoin, there shall never be the disgusting sham of a so-called “irregular state change”.  In Bitcoin, there is no central authority with the ability to mandate such a thing!

(I do think that centrally managed pretenders with mathematically unverifiable “smart” contracts are fully suitable for use as toys, such as CryptoKitties.)

I'm really curious what will be the next phase in money grabbing, now that we've seen shitcoins, Token sales and hard forks.

More of the same, probably for awhile.  The people who do such things are not very creative.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Just my 2 Satoshis: I've disliked Ethereum ever since their one Unique Selling Point ("code is law" for smart contracts) got thrown out of the window after The DAO failed so hard they had to abandon their core principles and hardfork to get their money back. It proved that smart contracts are worthless if you don't understand them, which makes them worthless for almost everybody. In the case of The DAO, even the developers didn't understand the code, the only person who understood it was called "the attacker". Ironic!

I never expected Ethereum to go up in value this much after this fiasco. In my opinion, it would have been only logical to abandon the failed project. Many people didn't seem to care, and losing $500M within a year proves that once again.
Ethereum is now mainly used for ICO Token sales, which are almost exclusively very shady money grabbers. But greed wins from common sense over and over again.

Seeing how security and actual software engineering often comes as an afterthought, instead of serving as a fundamental requirement
Well said! PR is everything, create a token, a website, and a story, and people throw tens of millions of dollars at you!
Only a very small share of all cryptocurrencies put development first. Then again, it makes sense for the majority to only join crypto for quick cash. I'm really curious what will be the next phase in money grabbing, now that we've seen shitcoins, Token sales and hard forks.
copper member
Activity: 630
Merit: 2610
If you don’t do PGP, you don’t do crypto!
[...discussion of Bitgrail bugs...]

Those bugs don't happen by accident.
Such bugs appear when the coder has zero (really: ZERO) knowledge.

Sorry, I can’t resist—that sounds funny to me, much time as I’ve spent thinking about a different type of zero-knowledge.

I presume that if the Bitgrail devs manufactured a vacuum cleaner, it wouldn’t suck.


This is why I am drooling over the concept of Simplicity (PDF) for Bitcoin.  A powerful smart-contracts DSL with formally verified properties, which is designed to support writing of formally verifiable contracts, is exactly what we need.

Oh yes. Solutions such as Simplicity are exactly why I give Bitcoin a better chance of survival than most of the alts. The academic work being done around Bitcoin is amazing. It might not be as flashy as the snakeoil that some of the alts are selling, but at least it has substance.

“Snakeoil” is a good word for many most the numeric vast majority of the alts.  As for “flashy”, I’d say that plenty of the current and potential future features in Bitcoin (and Lightning!) are exactly that.  However, unlike snakeoil, they take longer to develop than the fifteen-minute attention span of the average social media reader; also, they’re not being hyped promoted by armies of social media sockpuppet shills and, in this forum, signature-spammers.

Developing good ideas takes time.  Developing them into reliable implementations takes more time.  Patience is a forgotten virtue, and was never known at all to the peculiar brand of technical incompetents who enjoy tossing about Other People’s Money.
legendary
Activity: 2912
Merit: 2066
Cashback 15%
This is why I am drooling over the concept of Simplicity (PDF) for Bitcoin.  A powerful smart-contracts DSL with formally verified properties, which is designed to support writing of formally verifiable contracts, is exactly what we need.

Oh yes. Solutions such as Simplicity are exactly why I give Bitcoin a better chance of survival than most of the alts. The academic work being done around Bitcoin is amazing. It might not be as flashy as the snakeoil that some of the alts are selling, but at least it has substance.


Not just that.
Bitgrail Shitgrail had 2 more bugs:

1) You were able to withdraw twice the amount when following this procedure:
  • Request withdrawals
  • Wait for email confirmation; Don't confirm.
  • Request a second withdrawal (same amount)
  • Wait for email confirmation; Click on the link and confirm
  • Success. You just received 2 withdrawals

2) You were able to withdraw an amount you didn't have as balance:
  • Request a withdrawal
  • Realize the check for the maximum amount happens client-side instead of server-side
  • Manipulate the javascript (yes, javascript.. WTF)
  • Profit. You just withdrew a way bigger amount, leaving your balance on Bitgrail Shitgrail at a negative amount

Those bugs don't happen by accident.
Such bugs appear when the coder has zero (really: ZERO) knowledge.

[...]

That reads less like bug descriptions and more like a checklist of what not to do. The second point -- not entrusting critical verification to client-side code -- is literally one of the first things that gets drummed into your head when learning web development.
legendary
Activity: 1624
Merit: 2481
Quote
“There was a bug on Bitgrail where if you placed two orders you got double balance added to your account. You could then withdraw while the orders were up and steal the coins. You had negative balance in the end but you could just make a new account.”

What the. Actual. Fuck. That would be bad enough in traditional finance or actually any online application that handles money. But in crypto such a bug becomes fatal.

Not just that.
Bitgrail Shitgrail had 2 more bugs:

1) You were able to withdraw twice the amount when following this procedure:
  • Request withdrawals
  • Wait for email confirmation; Don't confirm.
  • Request a second withdrawal (same amount)
  • Wait for email confirmation; Click on the link and confirm
  • Success. You just received 2 withdrawals

2) You were able to withdraw an amount you didn't have as balance:
  • Request a withdrawal
  • Realize the check for the maximum amount happens client-side instead of server-side
  • Manipulate the javascript (yes, javascript.. WTF)
  • Profit. You just withdrew a way bigger amount, leaving your balance on Bitgrail Shitgrail at a negative amount

Those bugs don't happen by accident.
Such bugs appear when the coder has zero (really: ZERO) knowledge.

But it's not like he's only unable to code properly, no.

Francesco - Shitesco - Firano claimed 17 million nano got 'hacked' and 'stolen' from his cold wallet.



To sum it up: Shitgrail's owner is not just a bad coder, he seems to have zero knowledge on how to perform an exit scam properly.
The FBI already has been informed and investigations are starting. He will get what he deserves.
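
The server-side counterpart to the two procedures listed in the post above, as an added example that is not Bitgrail's code or part of the original thread: funds are reserved when a withdrawal is requested, each e-mailed token releases exactly one request exactly once, and the maximum is computed from server state only. The class, method names, and sample amounts are hypothetical, and the in-memory Maps stand in for database rows.

```javascript
// Added example, not Bitgrail's code: every name here is hypothetical.
// Amounts are BigInt counts of the coin's smallest unit, never floats.
// randomUUID exists in both node:crypto and WebCrypto, so this line works
// under CommonJS and ES modules alike.
const cryptoImpl = typeof require === 'function' ? require('node:crypto') : globalThis.crypto;

// Treat the amount as hostile input: digits only, positive, bounded length.
function parseAmount(raw) {
  if (typeof raw !== 'string' || !/^[1-9][0-9]{0,29}$/.test(raw)) {
    throw new Error('malformed amount');
  }
  return BigInt(raw);
}

class WithdrawalService {
  // In a real service the check-and-reserve in request() and the state flip
  // in confirm() each run inside one database transaction with the row locked.
  constructor() {
    this.accounts = new Map(); // user -> { available, reserved }
    this.requests = new Map(); // token -> { user, amount, state }
    this.payouts = [];         // queue handed to the wallet signer
  }

  credit(user, amount) {
    const acct = this.accounts.get(user) || { available: 0n, reserved: 0n };
    acct.available += amount;
    this.accounts.set(user, acct);
  }

  // Step 1: the user asks to withdraw. Whatever limit the browser enforced is
  // ignored; the only limit that counts is computed here from server state.
  request(user, rawAmount) {
    const amount = parseAmount(rawAmount);
    const acct = this.accounts.get(user);
    if (!acct) throw new Error('unknown account');
    if (amount > acct.available) throw new Error('insufficient funds');
    // Reserve now, so a second pending request cannot spend the same coins.
    acct.available -= amount;
    acct.reserved += amount;
    const token = cryptoImpl.randomUUID(); // unguessable, one per request
    this.requests.set(token, { user, amount, state: 'PENDING' });
    return token; // would be e-mailed as the confirmation link
  }

  // Step 2: the e-mailed link is clicked. A token releases exactly the one
  // request it was issued for, and only once.
  confirm(token) {
    const req = this.requests.get(token);
    if (!req || req.state !== 'PENDING') throw new Error('invalid or used token');
    req.state = 'CONFIRMED';
    this.accounts.get(req.user).reserved -= req.amount;
    this.payouts.push({ user: req.user, amount: req.amount });
    return req.amount;
  }
}

function attempt(fn) {
  try { fn(); return 'ok'; } catch (e) { return e.message; }
}

// Replays both procedures from the post against the service (constructed data).
function replayThreadScenarios() {
  const svc = new WithdrawalService();
  svc.credit('alice', 100n);

  // Procedure 1: request, leave unconfirmed, request again, confirm the second.
  const first = svc.request('alice', '60');
  const secondSameAmount = attempt(() => svc.request('alice', '60'));
  const second = svc.request('alice', '40'); // a second request that does fit
  svc.confirm(second);
  const replay = attempt(() => svc.confirm(second));

  // Procedure 2: the client-side maximum has been edited away in the browser.
  const oversized = attempt(() => svc.request('alice', '1000000'));
  const negative = attempt(() => svc.request('alice', '-5'));

  return {
    secondSameAmount, replay, oversized, negative,
    paidOut: svc.payouts.reduce((sum, p) => sum + p.amount, 0n),
    payoutCount: svc.payouts.length,
    firstState: svc.requests.get(first).state,
    available: svc.accounts.get('alice').available,
  };
}
```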

copper member
Activity: 630
Merit: 2610
If you don’t do PGP, you don’t do crypto!
A lot of good reasons to stick with Bitcoin, esp. Core and keep running full nodes and I also would trust smart contracts a lot more, if they would be based on the Bitcoin blockchain than on any other shitchain.

Yeah, a lot of the stuff that I've seen happening with the alts (eg. IOTA and its self rolled crypto or that whole Parity debacle... twice) and some of the hardforks (eg. B2X's insta-death and the BCH difficulty fluctuations) during the last year made me really appreciate the way Core handles things. Sure, progress may seem slow, but it's slow for a reason. Stuff's done when it's done.

On reading OP, my own first thought was of the whining in certain quarters about Core’s relatively slow pace and “it’s done when it’s done” policy.  Also directly related is persistent calumny over their cautious desire to avoid hardforking the chain, and do so only if necessary—following research of what could happen, and how to prevent “oopsies”.  I even once saw somewhere an explicit suggestion that Core should follow the amateurish wannabe cool kid Silicon Valley 2.0 motto of “move fast and break things” (!).

Whereas to the best of my knowledge, Core is the first and thus far, only open-source project wherein a tiny little bug could directly destroy liquid value equivalent to a hundred billion dollars in a microsecond.  I appreciate the “it’s done when it’s done” approach.


It seems like both developers and investors tend to forget that they are handling real, actual money. Would you leave a suitcase full of cash in the middle of the street? Would you give your credit card data to some random stranger on the internet? That's what basically happens in crypto all the time.

There is a pertinent idiom, “Other People’s Money”.  I’ve mostly seen it applied by people who are critical of Bitcoin altogether, on grounds of the amount of ridiculously stupid code which idiots deploy to (mis)handle Bitcoin.  Of course, that’s like criticizing computers because most software of all kinds is trash (and so are all popular CPUs!).  Solution:  Don’t entrust your bitcoins to ridiculously stupid code, and don’t use services which do.


Quote
The cryptocurrency most commonly associated with catastrophic bugs is ethereum. That’s not due to its underlying code, but on account of the smart contracts that can be built on top of the ethereum framework.

Here's the next thing. Granted, if Solidity were more strict and rigorous its developer base would likely be much much smaller.

It’s not only a matter of Solidity.  IIUC, the exploitation of loopholes in the DAO contract (not a “hack”) applied some interesting “features” of the Ethereum VM itself.  Anyway, the whole concept of bolting a Turing-complete VM onto a blockchain is sheer lunacy.

This is why I am drooling over the concept of Simplicity (PDF) for Bitcoin.  A powerful smart-contracts DSL with formally verified properties, which is designed to support writing of formally verifiable contracts, is exactly what we need.
legendary
Activity: 1372
Merit: 1252

I wholeheartedly agree with you.  I couldn't believe that there was apparently a client-side JavaScript exploit on that Bitgrail exchange, where that was the only check it had to verify an account's balance!?!  Seriously, code that runs in someone's web browser, wtf?  That type of foolishness wouldn't make the cut for a web game, to say nothing of financial transactions of real value.


This is why I have always taken extra measures when accessing anything that had to do with bitcoin, namely using a VPN or Tor so in case there is a leak, they couldn't get your IP, and also disabling javascript. I have never trusted exchanges, and I still don't to this day, especially now that they ask for a god damn selfie while holding your ID. It's a matter of time some day we are going to have a HUGE leak on a big exchange database, and everyone that gave a picture of them holding an ID will have this picture attached to their bitcoin addresses and then sold on the darkweb for extortion or some sick shit. I was never looking forward to that.. no thanks, which is why I always used fake names on Poloniex for example, and just left any exchange that forced me to give them my data (Bittrex doesn't even let you trade between altcoins anymore without full verification... fuck them!!)

Never trust anything, it's all compromised, everyone just wants to steal your bitcoin. I can't wait for atomic swap decentralized exchanges so I don't need to trust exchangers and the scammers running these while having javascript on.. ridiculous.
newbie
Activity: 28
Merit: 3
This industry is very fresh. You should always have double-check code reviews with your team, if not quad-check it. This is why hackathons and bug-bounty programs exist. It should never be the responsibility of one, team work is very important. Everyone is trying to quickly get into the industry and try to make money, however ethical issues should also be kept in mind. The stronger your code is, the better your reputation is, the better your product will be.
legendary
Activity: 2912
Merit: 2066
Cashback 15%
I wholeheartedly agree with you.  I couldn't believe that there was apparently a client-side JavaScript exploit on that Bitgrail exchange, where that was the only check it had to verify an account's balance!?!  Seriously, code that runs in someone's web browser, wtf?  That type of foolishness wouldn't make the cut for a web game, to say nothing of financial transactions of real value.

It seems like both developers and investors tend to forget that they are handling real, actual money. Would you leave a suitcase full of cash in the middle of the street? Would you give your credit card data to some random stranger on the internet? That's what basically happens in crypto all the time.


In my view, best-practices standards are needed for security and code audits.  There are many attempts at this out there, it needs to be pulled together, structured and maintained like RFC or BIP standards are, and proliferated through the field.  Especially considering we are dealing with a rapidly evolving technology, these standards need to be maintained on an ongoing basis.  I know the steps I take to lock down a server today in 2018 are different in quite a few ways than they were in 2014, for example.

I absolutely agree with you. As much as I love that whole wild west, new frontier vibe that crypto is swinging, I so very much appreciate the formal approach that Bitcoin and some of the alts have taken.

To be fair, handling crypto is especially tricky. Holding what equates to actual cash on a computer system is unprecedented prior to cryptocurrencies. Even if you were handling payments there was usually some form of rollback available, should things go awry. Not so with crypto, yet it seems to be partially held to lower standards than finance which is insane.

Nonetheless we've come a long way since MtGox. It's almost as if the market has begun to realize that crypto is a billion dollar business now.


My organization is going to be looking at this issue because it's a real problem that needs some coordinated focus.  We're conducting our launch fundraiser right now with an Ethereum ERC20 token, but I have real concerns with the stability of that platform moving forward.  A deep dive is in order with some consultations with the gurus before I make any long-term decision I'll live to regret on platforms.  In some ways it's a shame, the Ethereum platform does seem good "on paper", but has some real flaws that need to be met before I would place the kind of trust in it that you do to a financial institution.

Hats off to you for critically evaluating technologies. I know this approach should be the standard, however it unfortunately isn't, which makes me all the more glad to hear that there are still organizations and companies out there that take a sane and prudent approach at blockchain technologies.


If a bank lost $500M in a year, people would be in jail!  (Well, maybe not here in the U.S., but only because the banks own our government [for now]).  But who would bank with a company that was so careless with funds it has custodial control over?

I don't think that European banks are much better in that regard.

Referring to "But who would bank with a company that was so careless with funds".... I honestly think that consumers are at least partially to blame on that matter. If people would avoid shoddy exchanges in the first place, a lot of these dramas could be avoided.

sr. member
Activity: 463
Merit: 252
Bitcore (BTX) - Your Payment Coin
Majority of the cases were properly calculated and scam. Investors would never be able to know and even if they do, not much can be done. I believe all these issues would be things of the old in crypto.
legendary
Activity: 2898
Merit: 1823
Some services with less than competent developers should not be working in something that holds millions of dollars.

But other projects with supposedly "competent" developers and still have caused coins to be stolen or lacked deserves to be hanged. They have no excuse.
member
Activity: 208
Merit: 84
🌐 www.btric.org 🌐
Seeing how security and actual software engineering often comes as an afterthought, instead of serving as a fundamental requirement, it comes to very little surprise to be honest. I guess that's the downside of the comparably low entry level when it comes to developing crypto related software (as opposed to, say, traditional finance, military and aircraft applications).

Properly handling immutable, decentralized transactions is hard and mistakes are costly without recourse. Even moreso when it comes to smart contracts. It seems like a lot of companies and developers haven't yet fully fathomed the implications of what processing irreversible scripts and transactions really means.


I mean...

Quote
“There was a bug on Bitgrail where if you placed two orders you got double balance added to your account. You could then withdraw while the orders were up and steal the coins. You had negative balance in the end but you could just make a new account.”

What the. Actual. Fuck. That would be bad enough in traditional finance or actually any online application that handles money. But in crypto such a bug becomes fatal.



Quote
The cryptocurrency most commonly associated with catastrophic bugs is ethereum. That’s not due to its underlying code, but on account of the smart contracts that can be built on top of the ethereum framework.

Here's the next thing. Granted, if Solidity were more strict and rigorous its developer base would likely be much, much smaller. Nonetheless I'd argue that such strictness would be required to allow somewhat reliable smart contracts. With Solidity it may not be a code issue, but it's definitely a design issue. I don't follow Ethereum all that much, so I might be missing parts of the big picture, but what I always ask myself is: If blockchain veterans such as the Ethereum development team are unable to design a sound smart contract platform, how can we expect blockchain rookies -- which is what most of us are, given how young crypto is -- to implement reliable smart contracts on that very same platform?

Sorry if this post comes off as ranty, I guess irresponsible code just kind of grinds my gears.

I wholeheartedly agree with you.  I couldn't believe that there was apparently a client-side JavaScript exploit on that Bitgrail exchange, where that was the only check it had for verifying an account's balance!?!  Seriously, code that runs in someone's web browser, wtf?  That type of foolishness wouldn't make the cut for a web game, to say nothing of financial transactions of real value.

In my view, best-practices standards are needed for security and code audits.  There are many attempts at this out there; it needs to be pulled together, structured and maintained like RFC or BIP standards are, and proliferated through the field.  Especially considering we are dealing with a rapidly evolving technology, these standards need to be maintained on an ongoing basis.  I know the steps I take to lock down a server today in 2018 are different in quite a few ways than they were in 2014, for example.

My organization is going to be looking at this issue because it's a real problem that needs some coordinated focus.  We're conducting our launch fundraiser right now with an Ethereum ERC20 token, but I have real concerns with the stability of that platform moving forward.  A deep dive is in order with some consultations with the gurus before I make any long-term decision I'll live to regret on platforms.  In some ways it's a shame; the Ethereum platform does seem good "on paper", but has some real flaws that need to be met before I would place the kind of trust in it that you do in a financial institution.

If a bank lost $500M in a year, people would be in jail!  (Well, maybe not here in the U.S., but only because the banks own our government [for now]).  But who would bank with a company that was so careless with funds it has custodial control over?

I might sound ranty back, but it's only because it's so outrageous.

Best regards,
Ben
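Added example, not part of any post in this thread and not Bitgrail's code: a minimal server-side ledger in which an open order reserves funds instead of crediting them, and every order or withdrawal is checked against the available balance under one lock, so the "two orders, then withdraw" sequence quoted above is rejected on the server regardless of what the browser sends. The names `Ledger`, `InsufficientFunds` and `concurrent_withdrawals` are hypothetical, and amounts are assumed to be integers in the coin's smallest unit.

```python
import threading

class InsufficientFunds(Exception):
    pass

class Ledger:
    """Server-side ledger: each check and update happens atomically under one lock."""

    def __init__(self):
        self._lock = threading.Lock()
        self._total = {}     # account -> units owned
        self._reserved = {}  # account -> units locked in open orders

    def _available(self, account):
        return self._total.get(account, 0) - self._reserved.get(account, 0)

    def _validate(self, amount):
        if type(amount) is not int or amount <= 0:
            raise ValueError("amount must be a positive integer of base units")

    def available(self, account):
        with self._lock:
            return self._available(account)

    def deposit(self, account, amount):
        self._validate(amount)
        with self._lock:
            self._total[account] = self._total.get(account, 0) + amount

    def place_order(self, account, amount):
        # An open order reserves funds; it never adds to the balance.
        self._validate(amount)
        with self._lock:
            if amount > self._available(account):
                raise InsufficientFunds("order exceeds available balance")
            self._reserved[account] = self._reserved.get(account, 0) + amount

    def withdraw(self, account, amount):
        self._validate(amount)
        with self._lock:
            # Check and debit in the same critical section: no negative balance.
            if amount > self._available(account):
                raise InsufficientFunds("withdrawal exceeds available balance")
            self._total[account] -= amount

def concurrent_withdrawals(ledger, account, amount, attempts):
    """Fire simultaneous withdrawals (constructed test load); return how many succeeded."""
    outcomes = []
    def worker():
        try:
            ledger.withdraw(account, amount)
            outcomes.append(True)
        except InsufficientFunds:
            outcomes.append(False)
    threads = [threading.Thread(target=worker) for _ in range(attempts)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(outcomes)
```

In a real exchange the lock would be a database transaction with row locking or a serializable isolation level; the invariant being enforced is the same.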
legendary
Activity: 2912
Merit: 2066
Cashback 15%
A lot of good reasons to stick with Bitcoin, esp. Core and keep running full nodes and I also would trust smart contracts a lot more, if they would be based on the Bitcoin blockchain than on any other shitchain.  In my opinion ALL of the > 1000 Alts are rather the result of missed financial/fame opportunities than a real technological progress.

Yeah, a lot of the stuff that I've seen happening with the alts (eg. IOTA and its self-rolled crypto or that whole Parity debacle... twice) and some of the hardforks (eg. B2X's insta-death and the BCH difficulty fluctuations) during the last year made me really appreciate the way Core handles things. Sure, progress may seem slow, but it's slow for a reason. Stuff's done when it's done. You can't just move fast and hardfork things. I mean you can, obviously, but it's not necessarily a development and design philosophy that I personally could get behind.

Same with Turing-complete smart contracts. It just seems like such. A bad. Idea. Regardless of the underlying blockchain.

Maybe with some improved tooling, rigorous testing and a solid development approach this could work, alas who has time for that when there's a marketing campaign for your upcoming ICO to be run?

I love watching the altcoin and token space, but for every good idea there's a metric shitton of wtfs going on. And those whitepapers. So much fluff, oh so much fluff. Jesus.
newbie
Activity: 40
Merit: 0
  In my opinion ALL of the > 1000 Alts are rather the result of missed financial/fame opportunities than a real technological progress.

Couldn't agree with this more. I get some people have had great ideas, I believe ETH is one of them, but SO many alts are just guys/teams with a get rich quick plan.
AGD
legendary
Activity: 2069
Merit: 1164
Keeper of the Private Key
Seeing how security and actual software engineering often come as an afterthought, instead of serving as a fundamental requirement, it comes as very little surprise to be honest. I guess that's the downside of the comparably low entry level when it comes to developing crypto-related software (as opposed to, say, traditional finance, military and aircraft applications).

Properly handling immutable, decentralized transactions is hard and mistakes are costly without recourse. Even more so when it comes to smart contracts. It seems like a lot of companies and developers haven't yet fully fathomed the implications of what processing irreversible scripts and transactions really means.


I mean...

Quote
“There was a bug on Bitgrail where if you placed two orders you got double balance added to your account. You could then withdraw while the orders were up and steal the coins. You had negative balance in the end but you could just make a new account.”

What the. Actual. Fuck. That would be bad enough in traditional finance or actually any online application that handles money. But in crypto such a bug becomes fatal.



Quote
The cryptocurrency most commonly associated with catastrophic bugs is ethereum. That’s not due to its underlying code, but on account of the smart contracts that can be built on top of the ethereum framework.

Here's the next thing. Granted, if Solidity were more strict and rigorous its developer base would likely be much, much smaller. Nonetheless I'd argue that such strictness would be required to allow somewhat reliable smart contracts. With Solidity it may not be a code issue, but it's definitely a design issue. I don't follow Ethereum all that much, so I might be missing parts of the big picture, but what I always ask myself is: If blockchain veterans such as the Ethereum development team are unable to design a sound smart contract platform, how can we expect blockchain rookies -- which is what most of us are, given how young crypto is -- to implement reliable smart contracts on that very same platform?

Sorry if this post comes off as ranty, I guess irresponsible code just kind of grinds my gears.

A lot of good reasons to stick with Bitcoin, esp. Core and keep running full nodes and I also would trust smart contracts a lot more, if they would be based on the Bitcoin blockchain than on any other shitchain.  In my opinion ALL of the > 1000 Alts are rather the result of missed financial/fame opportunities than a real technological progress.