Gestern berichteten wir live über einen Angriff auf die Nutzer der Seite MyEtherWallet (MEW). Mittlerweile hat sich der Trubel gelegt. Was ist passiert? Wie kann man sich schützen? Die Website MyEtherWallet bietet ihren Nutzern die Möglichkeit, mit der Ethereum-Blockchain zu interagieren. Das bedeutet, man kann mit Smart Contracts interagieren, beispielsweise für die Teilnahme an einem…Der Beitrag erschien zuerst auf .
After a single buggy smart contract in the Parity Ethereum wallet locked-up 600,000 ETH in November 2017, the ongoing GitHub debate raised in the Ethereum Improvement Proposal (EIP) 999 is heating up.
Smart Contracts Not Completely Bug-Free
The wallet was infiltrated “accidentally” by GitHub user ‘devops199,’ who found out that a bug in the smart contract could be exploited to gain complete ownership of all underlying contracts. Ironically, the bug was by Parity’s multiple signatory code – which was supposed to increase security.
To combat this, an EIP-999 was raised to discuss a potential update that would “patch” the faulty smart contract and allow users to gain access to their ‘locked’ ETH. At the time of writing, the locked ETH to a staggering $418 million. And since every decision on open-source projects needs to be publicly approved, the EIP ran a “” system to determine which choice would be best suited to public interests. To vote, users staked their ETH, and this ensures all voters are serious about the topic.
Speaking about the EIP’s benefits on , was Parity developer Afri Schoedon:
“This proposal is necessary because the Ethereum protocol does not allow the restoration of self-destructed contracts and there is no other simple way to enable the affected users and companies regaining access to their tokens and Ether.”
Another Blockchain Split?
However, in contrast to Schoedon, developers of the other client Geth, argue that if the code from EIP 999 is made available, it may lead to a contentious split in the Ethereum blockchain.
Péter Szilágyi, the lead developer of Geth, provided his comments on the issue on Twitter:
. asked me a few questions about EIP-999, but for some reason didn't add even one of my answers into their piece. Maybe they preferred a more apocalyptic piece, maybe my answers were too late to incorporate. Either way, I spent time writing it, so here ya go.
— Péter Szilágyi (@peter_szilagyi)
Since both Geth and Parity clients communicate with the Ethereum Virtual Machine and remain in sync by keeping up with each other’s improvement; if the Parity team diverges from Geth, it could result in another blockchain split like the one that created . With such a split, tokens built on top of Ethereum will also be affected.
As Alex Van de Sande of the Ethereum Foundation writes in a , he thinks chain splits should only be considered if the entire ecosystem is at risk:
“I think for the sake of the platform, it’s not fair to create a burden on every token. I believe the way to move forward is to build not only better contracts but also insurance systems to hedge against eventual failures and to create a (voluntary) fund to minimize the damages to victims of these failures. Chain splits are bound to happen eventually, but they should be only risked when the whole ecosystem is at risk or needs some sort of upgrade.”
Voting Results
Surprisingly, while voting for returning the lost funds to their owners seems to be the most obvious option, the reality shows a grave picture. Developers and onlookers are divided on both sides of the spectrum; with some in favour of the coins being released, and the others against it.
In all, 55 percent of the voters cast their vote against the proposition, with only 39 percent voting for, and the remaining five percent saying they “don’t care.”
While the votes do show that the cryptocurrency community can be ‘heartless,’ the argument is rooted with some fair points.
For one, users argue that if the locked funds are allowed to be released, the ecosystem would see a lot of affected users demand a similar solution for their hacked, or locked, funds. If a similar occurrence takes place in the future, developer teams would have to work towards recovering the tokens – which is simply put a complicated process.
As observed, some users have put forth a selfish reason – loss of tokens would decrease the supply cap and increase the value of their own tokens.
“Rollback,” The Solution To Blockchain Issues?
A possible solution for recovering the funds is to “rollback” the blocks to an earlier stage before the hack. While this is a complicated process – which involves consensus from 51 percent of nodes to agree that the transactions didn’t happen – it wouldn’t be the first time that the blockchain had been altered to resolve an issue.
In August 2010, bitcoin developer Jeff Garzik noticed a block that gave an output of 91 billion bitcoin. As later by Garzik,
“In technical language, the bug is known as a number overflow error. So instead of the system counting up 98, 99, 100, 101, for example, it broke at 99 and went to zero (or -100) instead of 100. In layman’s terms, someone found a way to flood the code and create a ridiculously large amount of bitcoin in the process.”
Then in 2016, an Ethereum hard fork was carried out to return ETH valued at $40 million to investors affected by the infamous .
However, such rollbacks and hard forks are possible when the coin is still in its infancy, with the fix not being a complicated procedure.
The post appeared first on .
