Jan Ciger
Jul 21, 2017 · 2 min read

So, let me get this straight — a dumb developer mistake has cost someone $30 million in stolen Ether. And you are trying to present this as a “programmer’s mistake, it happens, tough luck for those who got robbed”? Seriously?

I am a software developer myself and I have certainly made my share of costly mistakes too. However, the problem I see here is not technical. It is not the tools that have allowed the developer to make such a mistake or let it pass through code review (reviewers are not infallible either).

What shocks me is that the crypto-currency devs are playing fast and loose with clients losing huge amounts of real money here and that there isn’t a sensible way to recover from such an error. That is the largest problem here, IMO, and the biggest threat to the reputation of the crypto-currency systems.

News of disastrous hacks, scams and bugs like this in Ethereum, Bitcoin or similar systems is a frighteningly regular occurrence, and it is always the innocent user trusting the system who is left holding the bag. Mistakes happen, but unless you have a way to correct things should the inevitable arrive, you shouldn’t let people pour real money into this. I wonder how long it will take until the developers or operators get sued big time — people aren’t going to just keep swallowing losses like this.

Imagine that your bank has lost 30 million of your money. If they didn’t pay it back, you would sue the pants off everyone in the building and you would very certainly win.

I see a fairly major governance and technical problem here, not really a software engineering/tooling one. Even if you have decided to switch to formal correctness proofs for everything, it wouldn’t help — even that doesn’t protect you against a mistake in the specification, i.e. the code is provably correct to the spec but the spec itself is wrong (e.g. someone not anticipating a certain attack vector).
