Author: Sophia Brown
Over the last day with the community’s help we have crowdsourced a list of all of the major bugs with smart contracts on Ethereum so far, including both the DAO as well as various smaller 100-10000 ETH thefts and losses in games and token contracts. This list (original source here) is as follows: We can categorize the list by categories of bugs: Variable/function naming mixups: FirePonzi, RubixiPublic data that should not have been public: the public RNG seed casino, cheatable RPSRe-entrancy (A calling B calling A): the DAO, Maker’s ETH-backed tokenSends failing due to 2300 gas limit: King of the EtherArrays/loops and…
Affected configurations: All smart contract wallets created using Ethereum Wallet Frontier, version 0.4.0 (Beta 7) or earlier. Wallets created with Ethereum Wallet 0.5.0 and all later versions released after March 3, 2016, are not affected. Likelihood: Low Severity: High Summary: Do not use wallet contracts or owner accounts of those wallets that were created by the Ethereum Wallet 0.4.0 or earlier. If you send to (or interact with) a malicious contract it could take ownership of your wallet contract. Create a new wallet and move your funds. How to be super safe?? Don’t use the vulnerable wallet contracts, AND the owner accounts…
The last week was quite hectic for all of us in the Ethereum ecosystem. The DAO has shown us that it takes much more effort to write smart contracts than we originally anticipated; but also that it takes a surprising amount of debate to reach a consensus on issues of this scale. Everybody in our community was very vocal and forthcoming about how the problem should be fixed in his/her opinion, or whether there’s even a problem to fix in the first place. While many have suggested an immediate hard-fork, the implications of such action are yet to be fully understood. An alternative…
Affected configurations: geth 1.4.8 Likelihood: High Severity: High Details: An attack vector has been identified in the freshly released implementation of the DAO soft fork. The fork enactment code in geth (and other clients) allows execution of EVM code up to the block gas limit without paying for gas. This can slow down mining and prevent inclusion of legitimate transactions. The soft fork will not be enabled if the gas limit of block 1800000 is above 4000000 gas (i.e. if the community vote to activate the fork fails). The attack cannot be performed in this case. Effects on expected chain reorganisation depth: None Proposed temporary…
The Devcon2 web site is officially live now! You can find it at https://ethereumfoundation.org/devcon/ Thanks for everyone’s interest, proposals, support and enthusiasm. We have an amazing community and are excited to present the first Ethereum Foundation event in Asia. This year, Devcon2 (September 19, 20, 21) will be a featured conference at the International Blockchain Week in Shanghai by Wanxiang Blockchain Labs, the host organization in China. While Ethereum Foundation’s “devcon” is designed to be a conference by developers for developers, any and all who are interested in the research and development of the Ethereum platform, tools, and technologies are welcome to attend!…
Since the last C++ DEV Update, a lot of things happened in the engine room which were not really visible to the outside. This post wants to give an overview about what we are currently working on. Apart from the features side, Bob has been working on a proposed process for re-licensing of the C++ runtime client code to Apache 2.0, as has been mentioned a few times in the past month or two. Expect more news on that very soon. Eth Unit-Test Mode Not only because it is essential for being able to perform our Solidity end-to-end tests via…
Hey everyone, I spent some time with our Canadian friends in Toronto after presenting “Ethereum: The World Computer” at Blockchain Training Conference last month and I wanted to provide a quick update on some of the exciting happenings in the Ethereum dev ecosystem. Lots of things are brewing behinds the scenes, so let’s jump in! Projects Mist Ethereum wallet has been refined significantly over the last several months expanding support to arbitrary contract interaction via the “custom contracts” tab. This is a massive improvement over sending transactions on the command line, as was often required in Frontier. With several new…
How to build server less applications for Mist | Ethereum Foundation BlogPosted by Alex Van de Sande on July 12, 2016Ethereum is not meant to be a platform to build esoteric smart contract applications that require a STEM degree to understand, but it aims to be one pillar of a different architecture for applications on the world wide web. With this post we will try to elucidate how this can be done and give some basic examples on how to start building a decentralized app. Who is this for? This text is intended at those who have a basic understanding…
The DAO, though not a product developed by the Ethereum Foundation, has been a hot topic as of late, both internally in the organisation as well as within our community. The Hard Fork is a delicate topic and the way we see it, no decision is the right one. As this is not a decision that can be made by the foundation or any other single entity, we again turn towards the community to assess its wishes in order to provide the most appropriate protocol change. The specification proposed for the hard fork that is being implemented in the Geth client is…
We would like to congratulate the Ethereum community on a successfully completed hard fork. Block 1920000 contained the execution of an irregular state change which transferred ~12 million ETH from the “Dark DAO” and “Whitehat DAO” contracts into the WithdrawDAO recovery contract. The fork itself took place smoothly, with roughly 85% of miners mining on the fork: You can see ongoing fork progress here. EthStats shows Go, Java and Parity (Rust) nodes successfully synchronized to the fork chain. The recovery contract is already returning DAO token holders’ ether; about 4.5 million ETH has been sent to DAO token holders, and…