(IJCH) When are people going to stop blaming the platform instead of placing the blame where it belongs - the Smart Contract Developer? (or How EOS' Gambling App Hack sounds like Ethereum's DAO)
(IJCH) When are people going to stop blaming the platform instead of placing the blame where it belongs - the Smart Contract Developer? (or How EOS' Gambling App Hack sounds like Ethereum's DAO)
IJCH - Inside JaiChai's Head (Meaning: My Warped, Personal Opinions and Musings)
From the Author:
Salutations.
I am JaiChai.
And if I haven't had the pleasure of meeting you before, I'm delighted to make your acquaintance now.
I invite you to interact with everyone, learn, and have as much fun as possible!
For my returning online friends, "It's always great to see you again!"
When are people going to stop blaming the platform instead of placing the blame where it belongs - the Smart Contract Developer? (or How EOS' Gambling App Hack sounds like Ethereum's DAO)
Many people still blame Ethereum for the DAO Hack; when it actually was caused by the smart contract code - NOT Ethereum.
And as more and more smart contract platforms are appearing on the landscape, I think it's high time that the following fact should be remembered:
Although Smart Contract Platforms try to make their platforms as secure as possible, they are not responsible for the vulnerabilities in the coding, nor performance of the smart contracts developed by their customers.
The Platform is just that - a means of (or place for) deploying someone else's creation.
Even though the blame ultimately falls on the smart contract creator, much like Ethereum after the infamous DAO Hack, EOS' capability as a smart contract platform is being questioned.
In the following articles, the "Blame the Platform" sentiment is not stated outright, but insinuated.
"Another Smart Contract Hack? EOS Dice Game Pays Single User $600K Over 36-hour Period"
Article Link:
"Hacker exploits EOS smart contract to steal $200K from gambling app"
Article Link:
https://thenextweb.com/hardfork/2018/09/14/eos-gambling-app-hacked/
"Almost $240,000 Worth Of EOS Tokens Stolen In DApp Smart Contract Hack"
Article Link:
https://ethereumworldnews.com/almost-240000-worth-of-eos-tokens-stolen-in-dapp-smart-contract-hack/
The above articles portray the Gambling company (EOS Bet) as being forthright - "the good guy".
WTF?
Furthermore, the articles conveniently lack the obvious (at least to me, it is):
Someone at EOS Bet did not properly perform a smart contract audit - test and degug the code - before it went live!
Again, Ladies and Gentlemen, please remember this:
Although Smart Contract Platforms try to make their platforms as secure as possible, they are not responsible for the vulnerabilities in the coding, nor performance of the smart contracts developed by their customers.
The Platform is just that - a means of (or place for) deploying someone else's creation.
By JaiChai
Mighty Kind of You for stopping by.
Truly hope to see you again!
About the Author
Believing that school was too boring, he dropped out of High School early; only to earn an AA, BS and MBA in less than 4 years much later in life – while working full-time as a Navy/Marine Corps Medic.
In spite of a fear of heights and deep water, he performed high altitude, free-fall parachute jumps and hazardous diving ops in deep, open ocean water.
After 24 years of active duty, he retired in Asia.
Since then, he's been a full-time, single papa and actively pursuing his varied passions (Writing, Disruptive Technology, Computer Science and Cryptocurrency - plus more hobbies too boring or bizarre for most folk).
He lives on an island paradise with his teenage daughter, longtime girlfriend and three dogs.
I'm guessing Turing Completeness didn't help. There are too many attack vectors with truing complete smart contracts and a lot of room to cover when auditing.
wonderful article and interesting information
wonderful article for ethical hacking, i'm not master like you, god bless you and great post.
Thank you for visiting and commenting.
Namaste, Jai|Chai
Something similiar was the Trybe airdrop
Posted using Partiko Android
You mean the privacy coin?
I meant Trybe. Here is a steemit post about it https://steemit.com/eos/@shebeleeza/trybe-airdrop-honest-review-of-trybe have a look at the news article cited in that post.
Posted using Partiko Android
Congratulations! This post has been upvoted from the communal account, @minnowsupport, by JaiChai from the Minnow Support Project. It's a witness project run by aggroed, ausbitbank, teamsteem, someguy123, neoxian, followbtcnews, and netuoso. The goal is to help Steemit grow by supporting Minnows. Please find us at the Peace, Abundance, and Liberty Network (PALnet) Discord Channel. It's a completely public and open space to all members of the Steemit community who voluntarily choose to be there.
If you would like to delegate to the Minnow Support Project you can do so by clicking on the following links: 50SP, 100SP, 250SP, 500SP, 1000SP, 5000SP.
Be sure to leave at least 50SP undelegated on your account.