A security issue with Ethereum’s Solidity language, not just the DAO

What’s the issue?

Solarstorm vs. Reentrancy:

Even if the other issues (unchecked send and reentrancy) were absent, solarstorm alone would be sufficient to steal $150M from the DAO.

What does this mean?

  1. This can impact any contract on Ethereum, not just the DAO. This is an issue with Ethereum’s JavaScript-like programming language (Solidity).
  2. It’s possible to have issues in already published Ethereum contracts. Developers should check if their contracts are vulnerable and take appropriate actions (move funds, publish new contracts).
  3. Developers need to be extremely careful with making external calls in future contracts. Avoid external calls until this issue is addressed.
  4. Ethereum is NOT permanently broken. The Solidity compiler can warn programmers about this particular exploit.
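To make point 3 concrete, here is an added illustration (not code from the original post, and not the DAO's code) of the unchecked-send and reentrancy pattern the post refers to, alongside the checks-effects-interactions form that developers can use when an external call is unavoidable. Contract and function names are constructed for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed example: a withdrawal that makes an external call before
// updating its own state, next to the reentrancy-safe version.

contract VulnerableVault {
    mapping(address => uint256) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // Vulnerable: the external call happens before the balance is zeroed,
    // and the send() result is ignored. A callee can re-enter withdraw()
    // while balances[msg.sender] still holds the old value, and a failed
    // send silently leaves the contract in an inconsistent state.
    function withdraw() external {
        uint256 amount = balances[msg.sender];
        payable(msg.sender).send(amount); // unchecked send
        balances[msg.sender] = 0;
    }
}

contract SafeVault {
    mapping(address => uint256) public balances;
    bool private locked;

    // Mutex so a nested call into withdraw() reverts instead of re-running.
    modifier noReentrancy() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // Checks-effects-interactions: validate, update state, then make the
    // external call last, and revert if it fails so the balance is restored.
    function withdraw() external noReentrancy {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");
        balances[msg.sender] = 0;                           // effect first
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "transfer failed");                     // checked send
    }
}
```

A static check for the vulnerable shape is simply: does any state write come after an external call in the same function, and is any send/call return value discarded?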

Next steps:

Founder Stacks, smart contracts for Bitcoin. Previously, Princeton PhD.
Muneeb Ali