• self@awful.systems
    13
    ·
    6 months ago

    (TLDR; combination of reentrancy + old approvals that were never removed)

    smart contracts are a genius-level invention! with the exact same security and threading model as a 90s PHP site, where every built-in function you can call has a laundry list of potential security issues, and fastening a new language and type system to the same broken API appears to provably be doing nothing to the combinatorial explosion of possible security issues

    because none of this was ever about computer science; it was all always just affinity fraud targeted towards mediocre nerds

    • Architeuthis@awful.systems
      9
      ·
      6 months ago

      The best part is that because of blockchain immutability fixing a buggy contract is simply not a thing, you need to deploy a new one, as well as replace any other contracts that refer to the original since they are now compromised as well, all the while paying for gas fees out the ass.

      And also as far as I can tell you can’t actually stop your users/exploiters from using the broken contract, you can only try to politely tell them not to.

      • self@awful.systems
        4
        ·
        6 months ago

        also urgent client calls because the database they rely on for literally every part of their business is slow and unreliable “for no reason” and you pop open the database and see the sheer volume of PL/SQL and immediately double your hourly rate

        it’s worth noting that SQL as a language is basically an embedded COBOL data definition DSL. somehow it’s always arbitrary COBOL with financial programmers

          • self@awful.systems
            5
            ·
            6 months ago

            the last thing I did in college was learn COBOL as a joke, and I’ve been hiding it from my employers ever since

            • David Gerard@awful.systems OP M
              4
              ·
              6 months ago

              I learnt COBOL in the same august institution I learnt PL/SQL

              given y2k pay rates i almost wish i’d kept it up a bit longer