So all the brains and noise in crypto and open source projects overlooked such a disaster?
I'm not sure whether to congratulate you or offer my condolences to the dev team and the big players.
This is rather interesting, not only for crypto, but also for all open source projects; having a project "open source" and calling on the myth of "open source is more secure" doesn't make the code more secure. Having developers like yourself actually looking into the code and testing the hell out of every possibility is what makes it secure.
Nice work, hope a fix, patch, rebirth or whatever you want to call it will be pushed out soon, as such noise is in no way good to any cryptos, including but not limited to Bitcoin.
Open source is more secure exactly because it can get wider peer review. Programmers make mistakes, but with closed source issues can go unnoticed for years - even on purpose while others exploit the 0day. The NSA have been doing this, for example.
Exactly, I'm not saying it isn't, I'm trying to say that if a software is open source, it shouldn't be taken for granted. I'm not a dev myself, I wish I were, but I think devs in the crypto community should make some sort of organization to do nothing but test for such bugs and we the users can donate to them, or they should be paid from TX fees, ads etc... This community is getting wider and bigger; being decentralized doesn't mean we can't have a well known organization to look after the technical side of things for all crypto related software.
Well, I disagree, I see it as the duty of the exchanges and wallet services to perform this kind of scrutiny / review before adding a new alt-coin to their assets. I know that this has not been the practice so far, while everything has been wild west gold digger mentality, but things are getting legit, and you should do your best to secure your customers' values. Anyway, it was actually in this process I found the above bugs, and I have seen other bugs in other alt-currencies, but never any alarming ones until now.
If this were the case, we'd be putting a lot of faith into exchange devs. Historically speaking, this doesn't feel like the safest idea. Frankly, I don't see this model eliminating the aforementioned concerns. Establishing a publicly-operating organization, one disconnected from any exchanges, and without any coin devs, feels like an option that could promote more security whilst eliminating personally vested interests from influencing a specific coin's reputation. If a coin could pass the organization's tests & review, we've got a seal of approval, which could impact the frequency of pump and dump coins.
Truth be told, my technical/coding prowess is certainly underwhelming compared to many in this community, so the following is purely thoughts aloud. ...on a screen.
Operating such an organization would take a development team as coin investigation would be rigorous & thorough. This sounds expensive. How is it funded?
A. Directly by exchanges. If the organization's Seal of Approval proved useful and gained support, this could force the exchanges to use the org's services when adding new coins, lest they run the risk of allowing other exchanges to gain a competitive edge.
B. Conglomerate. Exchanges are given the option to enroll with the organization. Upon enrollment, a % of fees generated (or flat rate [perhaps recurring], whatever) is contributed to a fund. This is the operating fund for the organization. New coins can submit an application directly to the org for approval. At this point, the enrolled exchanges vote on investigatory review.
C. By the community. Seems difficult as it would be donation based. This sounds like it's begging for closed door deals, bribery, and kickbacks.
What to avoid?
A. Operating in private. It seems to me we'd all benefit from such a group posting their investigations so the technical community can review where any conclusions are coming from. Devs miss things, as Libcoin has pointed out. Enabling the community to review the work of the organization would lend to benefit all involved.
B. A future funding operation model - i.e. the organization being funded with the coins it approves. Keeping the organization unbiased is key.
This is a half formed thought. 9-5 work is calling. I could expand on these ideas if it's of interest. Cheers!