You are viewing a single comment's thread from:
RE: Ethereum to implement hard fork to save funds stolen from The DAO
If one hacker can get and keep over 100 million dollars with a simple exploit like this then what kind of lesson will others learn?
Not to put money in unsafe smart contracts
All Turing complete smart contracts are fundamentally unsafe. This is because at the deepest levels they cannot be logically consistent. This means you cannot get a clear yes or no answer as an output so the behavior is never exactly as expected. This unexpected behavior is the cause of bugs.
The only real answer is to have functional decidable language security where you have consistent logic. You have to give up completeness in exchange for consistency always. But you get the benefit of not having code which does unexpected behaviors which means no more bugs, no more underhanded stealth logic bombs, no more zero days, none of that is possible because just as with propositional logic you have a true or false certainty at all times.
Turing complete imperative languages can never be trusted. What you get is an approximation where you through trial and error, testing and other methods refine the code base over time. For smart contracts where you can't easily do that you have to get it right on the first time and when lots of money is involved you don't want to have to trust the programmer not to sneak a logic bomb into the code.
References
http://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf
That makes the decision whether to put money in them easier doesn't it.
The other viable option is to embrace Turing incompleteness: