[OT] - A hacker stole $31M of Ether — how it happened, and what it means for Ethereum

Rene Zwanenburg via Digitalmars-d digitalmars-d at puremagic.com
Fri Aug 4 02:50:58 PDT 2017


On Friday, 4 August 2017 at 08:33:42 UTC, RazvanN wrote:
> On Friday, 4 August 2017 at 05:57:00 UTC, Nick B wrote:
>> See - 
>> https://medium.freecodecamp.org/a-hacker-stole-31m-of-ether-how-it-happened-and-what-it-means-for-ethereum-9e5dc29e33ce
>>
>> [...]
>
> I don't think the problem was with the blockchain here. It is 
> usually a bad idea to have Turing-complete scripts over 
> blockchains. From what I've seen, the bug was that a library 
> call was issued based on a user-provided string. That could 
> never have happened if they had used D with @safe


D's opDispatch is very similar to what caused this bug ;)

struct Library
{
   void doSomethingUseful(){}
   void doSomethingNice(){}
   void resetSecurity(){}
}

struct BuggyContract
{
   private void customizedBehaviour(){}

   void opDispatch(string f)()
   {
     if(f == "doSomethingUseful")
     {
       customizedBehaviour();
     }
     else
     {
       mixin("Library.init." ~ f ~ "();");
     }
   }
}
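
An allowlisted variant of the forwarding above, as an added example that is not part of the original post. HardenedContract and its forwardable list are hypothetical names introduced here, and BuggyContract is repeated in condensed form so the file compiles on its own and the two forwarders can be compared.

```d
import std.algorithm.searching : canFind;

struct Library
{
    void doSomethingUseful() {}
    void doSomethingNice() {}
    void resetSecurity() {}
}

// Forwarding as in the post: every name not handled locally reaches Library.
struct BuggyContract
{
    private void customizedBehaviour() {}
    void opDispatch(string f)()
    {
        static if (f == "doSomethingUseful")
            customizedBehaviour();
        else
            mixin("Library.init." ~ f ~ "();");
    }
}

// Hypothetical hardened variant: forwarding is limited to an explicit list.
struct HardenedContract
{
    // Only these Library methods may be reached through opDispatch.
    private enum string[] forwardable = ["doSomethingNice"];
    private void customizedBehaviour() {}

    // The local override is an ordinary method and never goes through forwarding.
    void doSomethingUseful() { customizedBehaviour(); }

    // The constraint is evaluated at compile time; for any other name no
    // opDispatch instance exists and the call does not compile.
    void opDispatch(string f)() if (forwardable.canFind(f))
    {
        mixin("Library.init." ~ f ~ "();");
    }
}

void main()
{
    // The buggy forwarder exposes the method that was meant to stay internal.
    static assert( __traits(compiles, BuggyContract.init.resetSecurity()));
    // The allowlisted forwarder rejects it and still serves the intended calls.
    static assert(!__traits(compiles, HardenedContract.init.resetSecurity()));
    static assert( __traits(compiles, HardenedContract.init.doSomethingNice()));
    HardenedContract c;
    c.doSomethingUseful();
    c.doSomethingNice();
}
```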

