Re: [OT] - A hacker stole $31M of Ether — how it happened, and what it means for Ethereum

Rene Zwanenburg via Digitalmars-d Fri, 04 Aug 2017 02:56:32 -0700

On Friday, 4 August 2017 at 08:33:42 UTC, RazvanN wrote:

On Friday, 4 August 2017 at 05:57:00 UTC, Nick B wrote:
See -https://medium.freecodecamp.org/a-hacker-stole-31m-of-ether-how-it-happened-and-what-it-means-for-ethereum-9e5dc29e33ce
[...]
I don't think the problem was with the blockchain here. It isusually a bad idea to have turing-complete scripts overblockchains. From what I've seen the bug was that there wasissued a library call based on a user-provided string. Thatcould have never happened if they would have used D with @safe



D's OpDispatch is very similar to what caused this bug ;)

struct Library
{
  void doSomethingUseful(){}
  void doSomethingNice(){}
  void resetSecurity(){}
}

struct BuggyContract
{
  private void customizedBehaviour(){}

  void opDispatch(string f)()
  {
    if(f == "doSomethingUseful")
    {
      customizedBehaviour();
    }
    else
    {
      mixin("Library.init." ~ f ~ "();";
    }
  }
}

Re: [OT] - A hacker stole $31M of Ether — how it happened, and what it means for Ethereum

Reply via email to