Bitcoin Forum>Bitcoin>Development & Technical Discussion
Pages:
Author

Topic: Bad Code Has Lost $500M of Cryptocurrency in Under a Year - page 3. (Read 1195 times)

HeRetiK
legendary
Activity: 2912
Merit: 2066
Cashback 15%
Re: Bad Code Has Lost $500M of Cryptocurrency in Under a Year
February 13, 2018, 03:05:34 PM
#3
Seeing how security and actual software engineering often comes as an afterthought, instead of serving as a fundamental requirement, it comes to very little surprise to be honest. I guess that's the downside of the comparably low entry level when it comes to developing crypto related software (as opposed to, say, traditional finance, military and aircraft applications).

Properly handling immutable, decentralized transactions is hard and mistakes are costly without recourse. Even moreso when it comes to smart contracts. It seems like a lot of companies and developers haven't yet fully fathomed the implications of what processing irreversible scripts and transactions really means.


I mean...

Quote
“There was a bug on Bitgrail where if you placed two orders you got double balance added to your account. You could then withdraw while the orders were up and steal the coins. You had negative balance in the end but you could just make a new account.”

What the. Actual. Fuck. That would be bad enough in traditional finance or actually any online application that handles money. But in crypto such a bug becomes fatal.



Quote
The cryptocurrency most commonly associated with catastrophic bugs is ethereum. That’s not due to its underlying code, but on account of the smart contracts that can be built on top of the ethereum framework.

Here's the next thing. Granted, if Solidity where more strict and rigorous its developer base would likely be much much smaller. Nonetheless I'd argue that such strictness would be required to allow somewhat reliable smart contracts. With Solidity it may not be a code issue, but it's definitely a design issue. I don't follow Ethereum all that much, so I might be missing parts of the big picture, but what I always ask myself is: If blockchain veterans such as the Ethereum development team is unable to design a sound smart contract platform, how can we expect blockchain rookies -- which is what most of us are, given how young crypto is -- to implement reliable smart contracts on that very same platform?

Sorry if this post comes off as ranty, I guess irresponsible code just kind of grinds my gears.
ABCbits
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
Re: Bad Code Has Lost $500M of Cryptocurrency in Under a Year
February 13, 2018, 02:40:03 PM
#3
And that's reason why some cryptocurrency technology development looks very slow, testing huge technology takes time and there are many bugs which unseen at development stage. Also, it's another reason not to keep your cryptocurrency in exchange and not to participate in ICO/project which looks shady or don't have much experience.
Nrcewker
copper member
Activity: 2156
Merit: 536
Promotional Campaign Manager|Telegram @NrcewkerBTC
Re: Bad Code Has Lost $500M of Cryptocurrency in Under a Year
February 13, 2018, 10:57:42 AM
#2
i think investors should learn from this . i see mostly peoples are looking for cheap development companies but they forget they will get what they paid for ..

when you starting a exchange company for God Sake hire a professional company where educated peoples worked but they will charge you more money then a individual or freelancer developer but they can give you good work
AGD
legendary
Activity: 2069
Merit: 1164
Keeper of the Private Key
Re: Bad Code Has Lost $500M of Cryptocurrency in Under a Year
February 13, 2018, 09:05:18 AM
#1
https://topbitcoin.lv/bad-code-lost-500-million-cryptocurrency-year/

Quote
Cryptocurrency can be lost in a variety of ways, from hacking to forgotten passwords and failed flash drives. But in dollar terms, one of the biggest causes of crypto losses is bad code, and it’s not usually the fault of the coin’s developers. Instead, third parties, including shoddy smart contract developers and shady exchanges, are to blame for losses that have reached half a billion dollars in the last seven months.

Last week, news.Bitcoin.com reported on the demise of Bitgrail, which contrived to lose $170 million of nano cryptocurrency. While the precise sequence of events that caused the catastrophic collapse of the exchange with the assets of thousands of customers is still being confirmed, poor code is being blamed. As reported at the time:

There are rumors that Bitgrail became insolvent following a withdrawal bug that was discovered by some users and then shared in Discord and other chat groups, causing the wallet balance to gradually diminish. One user explained: “There was a bug on Bitgrail where if you placed two orders you got double balance added to your account. You could then withdraw while the orders were up and steal the coins. You had negative balance in the end but you could just make a new account.”

Bad Code Has Lost $500 Million of Cryptocurrency in Under a Year

In the aftermath of the incident, this theory has been bolstered by allegations that a bug was indeed responsible, and not in nano’s code, but in Bitgrail’s. One source asserted: “There was a bug, on the withdraw page. But this check was only on java-script client side, you find the js which is sending the request, then you inspect element – console, and run the java-script manually, to send a request for withdrawal of a higher amount than in your balance. Bitgrail delivered this withdrawal. How many people did this? Who knows.”

There was another bug, you could request a withdrawal to your address – from another user-id, from another user-account. That would cause the other users balance to have “missing funds” or “negative balance”. Bitgrail bomber solved this bug by manually entering the “correct” numbers in his database. This is what you get for using a PHP website coded by same skill-level as CfB of IDIOTA.

Even the Best Cryptocurrencies Aren’t Immune to Poor Code

The cryptocurrency most commonly associated with catastrophic bugs is ethereum. That’s not due to its underlying code, but on account of the smart contracts that can be built on top of the ethereum framework. First there was the DAO, which led to ethereum being forked right out the gate, and then there was the Parity bug that caused 150,000 ETH to be stolen, followed by the other Parity bug that caused $168 million of ETH to be locked up.

In the past couple of weeks, ethereum bugs have surfaced once more, albeit on a smaller scale. Proof of Weak Hands (PoWH) was a joke scamcoin which turned into an actual scamcoin after a bug led to the loss of 900 ether worth $1 million that had been sent to the contract address. The developer then disappeared after receiving death threats from investors aggrieved to discover that the joke Ponzi they were buying into was even less legitimate than it had seemed.

PoWH has since spawned a new scamcoin called ethpyramid which is for “strong hands only”. To the question “Is Ethpyramid secure?” the site responds “Yes. Our dev team put a lot of time into refining and testing this contract to make sure your tokens are safe. Internal functions of the contract are not accessible to the end user.” There’s also PoWH420, “the world’s dank autonomous and self-sustaining 420 pyramid scheme”.


Even if joke coins and their joke developers are taken out of the equation, it’s evident that cryptocurrencies are only as strong as their weakest link. While altcoins such as ethereum and nano have undoubted potential, like every other crypto they’re hostage to bugs lurking in wallets, smart contracts, and exchanges. One bad line of code is all it takes.
Pages:
Bitcoin Forum>Bitcoin>Development & Technical Discussion
Jump to: