Augur REP Token Critical Vulnerability Disclosure

Augur REP Token Critical Vulnerability Disclosure(blog.zeppelin.solutions)

84 points by spalladino2 8 years ago | 20 comments

dmix 8 years ago |

> Second, the Serpent language is untyped. It allows any operation to be performed on any data. Every value is a 256-bit sequence which can be used as an address, a contract, an integer, or an array.

I normally dislike people who criticize startups for not being perfect from day one and understand it takes iterations and a wide audience to get things right. But this isn't a normal startup and security was an obvious big piece of the puzzle from day one. Their reputation and developer adoption will depend on it.

Why doesn't the primary Ethereum language have types? This is basic stuff if you're trying to reduce bugs from the outset.

From my understanding they wanted the language to be as accessible as JS... but even JS developers are all converging on types via TypeScript, Flow, and Babel plugins like babel-typecheck. It's basically an accepted requirement of "5th-gen languages"... let alone for language-based interfaces to security focused systems.

Immutability seems like another obvious choice here for catching errors at compile time and forcing careful design considerations.

Also the language should have a (typed) Quickcheck implementation that hammers each function with random data to check for breakage... and it should be documented as standard practice. https://begriffs.com/posts/2017-01-14-design-use-quickcheck....

The fact Tevos is built with OCaml and is focused on code safety/verification gives me hope there is some sanity in the cryptocurrency marketplace. But it still blows my mind that this stuff wasn't given proper foresight.

A security obsessed language designer should have been the first person hired to implement the VM and reference language on top of it. And competent security researchers, like the team in this blog post, should have been brought in to do QA at each major release. It's not like Ethereum has a shortage of funding for critical infrastructure.

MichaelGG 8 years ago | |

This isn't the JS-inspired language, that's Solidity, with it's own hilarious comedy of errors. Serpent is a Python-like language.

What makes Python or JS suitable for any sort of inspiration for smart contract programming is up for debate. Probably the idea that making it popular trumps making it right.

dmix 8 years ago | | |

Dynamic types make sense for newbie-friendly web languages like Ruby and stuff like bash/zsh or support languages like Lua is to game development... but I really don't see the downside to adding types for anything outside of that.

It's really not that much of a learning curve nor does it result in a significant amount of boilerplate.

People may believe static types are a drag from using Java or C++ but if you look at modern languages like Golang or typed Erlang/Elixir or Kotlin...it really isn't that bad at all. You don't even need to go hardcore with types the way Haskell does to get most of the safety gains.

It actually provides lots of useful abstractions to make your code more efficent, it makes it easier to read (especially for others using your code), and makes using standard libraries easier to use by just reading the type specs.

So I'm really curious what the motivations were here.

xorcist 8 years ago | |

To be fair, the Ethereum author sold shares in his quantum computer Bitcoin miner before starting his own coin. Security was likely not the primary design objective.

That the language was like javascript was one of the selling points (in a very real sense, as there was a lot to be sold before the software could be released).

moneytalks 8 years ago | |

The introduction of type checking in JS could just as easily be attributed to so many devs coming from other languages who don't want to leave their strong types security blankets behind.

The evidence for types preventing bugs is mixed. A strongly typed language in smart contracts may be entirely reasonable, but the rise of type checking in JS shouldn't be understood as evidence of anything more than many devs like having types.

And giving up types coming from another language feels like flying blind for someone used to having it. (Until you get used to it, imo, and realize that it wasn't helping as much as you thought.)

Also, the error here seemed much, much deeper than the lack of type checking.

SirensOfTitan 8 years ago |

I think Ethereum has a lot of potential and really love the platform. With that, the language options that work on top of the EVM are quite awful. There needs to be considerable investment in either building better options or building EVM compilers for well designed languages.

Something functional would be great: OCaml, F#, Haskell with immutability and formally verified abstractions for dealing with the blockchain.

emsimot 8 years ago | |

Yoichi's Bamboo is looking pretty good.

https://medium.com/@pirapira/bamboo-compiler-started-produci...

daraosn 8 years ago | |

That's what Tezos is doing, using OCaml for their smart contracts.

dbrgn 8 years ago | | |

Actually they use OCaml for the blockchain implementation and their own functional and provable language "Michelson" for smart contracts.

Fun fact: Michelson was the guy that disproved aether :)

MichaelGG 8 years ago |

So Ethereum has 2 poorly thought out and implemented languages?

motet_a 8 years ago |

But why do Ethereum people maintain a custom programming language? This could easily add a huge amount of complexity (and security issues) with very few benefits.

Moreover, maintaining a large and critical project without automated tests seems impossible to me.

Rmilb 8 years ago | |

They needed a language to compile to the Ethereum Virtual Machine (EVM).

Stack exchange with more info. https://ethereum.stackexchange.com/questions/3112/what-is-th...

wslh 8 years ago | | |

The problem here is that you are handling a ton of money and it is irresponsible to manage a project in this way. More thinking that many people, including developers, in the community are millionaires, so it is not a resource problem. When you send a rocket to the space you also test it against ETs.