“Everyone here is a target for attack. Be paranoid.”
That’s how Ethereum Foundation security lead Martin Swende finished his deep-dive lecture on smart contract security at Devcon3 yesterday. At this point, he’s witnessed his fair share of attacks on ethereum and needs the community to understand what they’re getting into.
There was The DAO hack, where millions of dollars in ether was stolen because of smart contract bug. There was the time ethereum transactions slowed because of an unknown attacker — this on one of Swende’s first days working on the routine, no less. And then just a couple months ago, ethereum client Parity lost $30 million after being hacked.
And that is not to mention all the bitcoin-related hacks.
With this, developers point out that — as revolutionary as ethereum can and could be — there’s still lots of kinks to iron out, one of the reasons the open-source pro-jet’s flagship conference saw such a focus on safety on its second day, with developers and academics alike releasing new tools to take smart contract security a step further…