One person permanently locked up $300 million worth of other peoples' Ethereum


#1

Originally published at: https://boingboing.net/2017/11/07/one-person-permanently-locked.html


#2

For the most part, I couldn’t care less about cryptocurrency: let someone else beta test the damn thing, call me when it can solve my real world problems.

But these exotic failure modes keep me coming back just to gawk! https://media.giphy.com/media/GjYjLvGErsggg/giphy.gif


#3

Somehow makes Mark’s snafu more palatable


#4

When I reached devops199 for comment on the incident, they replied, “Sorry… I’m really afraid now… can’t talk.”

I don’t blame him. Drug dealers, black market weapons brokers and money-laundering oligarchs tend to be suspicious sorts who won’t view the loss of tens of millions of dollars of their money as a simple “oopsie.”

The DAO hard fork was justified because the Ethereum ecosystem was “less mature then,” Buterin wrote. Ethereum has become more valuable and popular since then, and so this logic may continue to hold.

The hard fork rollback to status quo ante seems like the only option here also, despite the currency inventor’s prioritising the wonderfulness of his digital creation over its abject failure to serve its purpose for end-users (“You had one job! One. Job.”).

A more clued-in developer would say “hey, at least the blockchain’s distributed ledger allows us to roll things back to a specified date and mitigate the damage”, but not this dude.


#5

Meanwhile, all my cash is in USD and the Republicans are working hard to skyrocket our debt to unserviceable levels. Which currency is the least risky?


#6

I’ve been doing some Solidity development on the blockchain lately, so I’ve been spending some time on this this AM.

The meta-issue has nothing to do with cryptocurrencies and the like. The issue is that many devs just like being too clever – and Gavin Wood, co-founder of Ethereum and head of Parity, is one of them. Had he just included the needed code right into the contract and not tried to over-design the system and break out the functionality into a separate library (for no good reason, as far as I can tell), this wouldn’t have happened.

I’m not a dev by training, but I’ve accidentally become one over the past few years, and I think overdesign is absolutely endemic in the software business. I’ve seen so many things that are literally ten times more complicated than they need to be…

Parity’s multi-sig wallet is one of those things. Christ, the only reason to drop down into assembly on the block chain, as far as I can tell, is because you’re impressed by your own cleverness.

    function Wallet(address[] _owners, uint _required, uint _daylimit) {
      // Signature of the Wallet Library's init function
      bytes4 sig = bytes4(sha3("initWallet(address[],uint256,uint256)"));
      address target = _walletLibrary;

      // Compute the size of the call data : arrays has 2
      // 32bytes for offset and length, plus 32bytes per element ;
      // plus 2 32bytes for each uint
      uint argarraysize = (2 + _owners.length);
      uint argsize = (2 + argarraysize) * 32;

      assembly {
        // Add the signature first to memory
        mstore(0x0, sig)
        // Add the call data, which is at the end of the
        // code
        codecopy(0x4,  sub(codesize, argsize), argsize)
        // Delegate call to the library
        delegatecall(sub(gas, 10000), target, 0x0, add(argsize, 0x4), 0x0, 0x0)
      }
    }
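
The design choice discussed in the comment above (a wallet that keeps its logic in a separate shared library and reaches it with `delegatecall`), as an added Python model that is not part of the original post and not Parity's code. `Chain`, `wallet_logic`, `make_stub` and the addresses `LIB`, `STUB`, `INLINE` are hypothetical names; the model assumes only that a call to an address holding no code succeeds without doing anything.

```python
# Toy model of EVM accounts, constructed for illustration (not real EVM code).
class Chain:
    def __init__(self):
        self.code = {}      # address -> callable; absent when no code is deployed
        self.storage = {}   # address -> dict holding that account's own state

    def deploy(self, addr, fn, state):
        self.code[addr] = fn
        self.storage[addr] = dict(state)

    def delegatecall(self, caller, target, method, args):
        """Run target's code against the caller's storage. As on the EVM,
        a call to an address with no code succeeds and does nothing."""
        fn = self.code.get(target)
        if fn is None:
            return True
        return fn(self.storage[caller], method, args)

def wallet_logic(state, method, args):
    """Shared logic: 'execute' moves funds out when the sender is an owner."""
    if method == "execute" and args["sender"] in state["owners"]:
        state["balance"] -= min(args["value"], state["balance"])
        return True
    return False

def make_stub(chain, library_addr):
    """Wallet with no logic of its own: every call is forwarded to the library."""
    def stub(state, method, args):
        return chain.delegatecall(state["self"], library_addr, method, args)
    return stub

def withdraw(chain, wallet, sender, value):
    """Call the wallet's code; return (success flag, balance afterwards)."""
    ok = chain.code[wallet](chain.storage[wallet], "execute",
                            {"sender": sender, "value": value})
    return ok, chain.storage[wallet]["balance"]

def demo():
    chain = Chain()
    base = {"owners": {"alice"}, "balance": 100}
    chain.deploy("LIB", wallet_logic, {})
    chain.deploy("STUB", make_stub(chain, "LIB"), {**base, "self": "STUB"})
    chain.deploy("INLINE", wallet_logic, base)
    with_lib = withdraw(chain, "STUB", "alice", 10)
    del chain.code["LIB"]          # the shared library's code no longer exists
    without_lib = withdraw(chain, "STUB", "alice", 10)
    inline = withdraw(chain, "INLINE", "alice", 25)
    return with_lib, without_lib, inline
```

Once the library's code is gone, the forwarding wallet still reports success but its balance never moves, while the wallet that carries its own logic keeps working.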

#7

The one you have some political say in (i.e., vote).

This cryptocurrency stuff is incomprehensible to me. It’s like someone thought of “cool” ways to do things with cash, and then removed everything that makes cash useful from it.

But so edgy! So cool! So WTF happened to my money?!


#8

But if you are borrowing money then the currency being risky is a good thing!

Time to short-sell society.


#9

Of all the potential uses for blockchain, cryptocurrencies are the most boring. It’s like reinventing the wheel when we could be working on solar powered aircraft (swap this example for something more practical if you feel the need).

Trying to find people actually interested in the other uses of blockchain technology among all the currency speculators is hard.


#10

I’ve realised I like crypto currencies for exactly the same reasons I like Eve Online - for a non participant they’re an endless source of amusing disaster stories.


#11

It’s endemic everywhere actually. Designers trying to justify their existence. I was in a hotel recently that just screamed overdesign, my wife thought I was being my usual cranky self. In my industry I’m known for designing gadgets that are stupidly simple and don’t break. Many times have I been called in to redesign something that was over designed to begin with by people who are better at marketing themselves than me.


#12

I’m sorry, but… keeping money under my mattress seems the smarter move here.


#15

I had no idea there were other uses.


#16

Now that you mention it, I have to wonder if maybe block chain could be used to build a voting system that was both anonymous (no one could find out how one voter marked the ballot) yet accountable (I could get a receipt for voting, and could verify that my vote counted in the final tally).

If those two goals were mutually attainable, I would be all over block chain like nobody’s business.


#17

because of one person’s mistake.

Usually there’s plenty of blame to go round, but not today.


#18

As long as we are spitballing, here’s another thing I ponder:

If the internet was like a huge telephone system, where any individual could talk to any other individual on the planet, then it seems like human rights activists, unions, consumer groups, class action plaintiffs, and pretty much anyone with an underserved agenda could reap great advantage.

But the problem with that metaphor is the “phone directory” part. The ones currently in charge of maintaining all this contact info, would really rather not facilitate any real change in the way things are run.

Traditional PGP encryption is very secure, but it requires the sender to know the receiver’s identity.

So, I’m wondering if block chain could be used to build an alternative “phone directory” where false flags, undercover agent-provocateurs become dramatically more difficult to install. In practice, there is probably some real world, six degrees of separation that would be needed to keep the whole setup from getting perverted by a man in the middle attack.

There’s probably a logical contradiction here that I don’t see, or else maybe there really is a technical fix to certain social problems!


#19

Every time the headlines deliver another story about short-selling society, I think of the statues on Easter Island, how they tried to break them open to access the accumulated mojo that went into building them.

Unfortunately while that statue breaking didn’t work, these modern day statue breakers are able to privatize actual gains, at pennies on the dollar.

Since it’s the general population paying the dollars, and individual assholes getting the pennies, it appears as if wealth is being created instead of being destroyed.


#20

People enamored with technology selling bits of the sky to each other.
This and the article from last week, where the author was locked out of his Trezor bitcoin chest because he forgot his password, is all the more reason not to get into any of it.


#21

#22

Sounds like the people with money in those wallets already got the hard fork.