[OT] - A hacker stole $31M of Ether — how it happened, and what it means for Ethereum
Rene Zwanenburg via Digitalmars-d
digitalmars-d at puremagic.com
Fri Aug 4 02:50:58 PDT 2017
On Friday, 4 August 2017 at 08:33:42 UTC, RazvanN wrote:
> On Friday, 4 August 2017 at 05:57:00 UTC, Nick B wrote:
>> See -
>> https://medium.freecodecamp.org/a-hacker-stole-31m-of-ether-how-it-happened-and-what-it-means-for-ethereum-9e5dc29e33ce
>>
>> [...]
>
> I don't think the problem was with the blockchain here. It is
> usually a bad idea to have turing-complete scripts over
> blockchains. From what I've seen the bug was that there was
> issued a library call based on a user-provided string. That
> could have never happened if they would have used D with @safe

D's opDispatch is very similar to what caused this bug ;)

struct Library
{
    void doSomethingUseful(){}
    void doSomethingNice(){}
    void resetSecurity(){}
}

struct BuggyContract
{
    private void customizedBehaviour(){}

    // Called for every member name that BuggyContract does not define itself.
    void opDispatch(string f)()
    {
        if(f == "doSomethingUseful")
        {
            customizedBehaviour();
        }
        else
        {
            // Any other name is forwarded to Library, including resetSecurity.
            mixin("Library.init." ~ f ~ "();");
        }
    }
}
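
An added example, not part of the original post: the same forwarding pattern restricted to an explicit allowlist, so that resetSecurity is no longer reachable through opDispatch. ForwardAll, HardenedContract and the forwardable list are hypothetical names introduced here for illustration.

```d
import std.algorithm.searching : canFind;

struct Library
{
    void doSomethingUseful() {}
    void doSomethingNice() {}
    void resetSecurity() {}
}

// Same shape as the forwarding in the post: every unknown name reaches Library.
struct ForwardAll
{
    void opDispatch(string f)()
    {
        mixin("Library.init." ~ f ~ "();");
    }
}

struct HardenedContract
{
    // Assumed policy: only these Library methods may be forwarded.
    private enum string[] forwardable = ["doSomethingNice"];

    private void customizedBehaviour() {}

    // The template constraint rejects every name that is not listed,
    // so no opDispatch instance exists for "resetSecurity".
    void opDispatch(string f)()
        if (f == "doSomethingUseful" || forwardable.canFind(f))
    {
        static if (f == "doSomethingUseful")
            customizedBehaviour();
        else
            mixin("Library.init." ~ f ~ "();");
    }
}

void main()
{
    HardenedContract c;
    c.doSomethingUseful(); // handled by the contract's own override
    c.doSomethingNice();   // explicitly allowed, forwarded to Library

    // Checked at compile time: blanket forwarding exposes the sensitive
    // method, the allowlisted version does not.
    static assert( __traits(compiles, ForwardAll.init.resetSecurity()));
    static assert(!__traits(compiles, c.resetSecurity()));
}
```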