
A coding error led to $30M in ethereum being stolen (2017) - bryanrasmussen
https://qz.com/1034321/ethereum-hack-a-coding-error-led-to-30-million-in-ethereum-being-stolen/
======
afeezaziz
Time for a better Ethereum contract audit service? Does Open Zeppelin prevent
these thefts from happening?

~~~
QML
Using Open Zeppelin does not guarantee the lack of contract issues, but since
it is independently audited, it is more secure than contracts built on top of
the Zeppelin library which are not audited.

For example, Parity - covered in the article - uses Open Zeppelin and had
wallet insecurities twice this year. But Zeppelin itself was not affected in
those scenarios.

I sort of think of Zeppelin as a “safemath” library, similar to those in C.
But even though safemath libraries exist in C, that does not mean C is safe
from security issues.
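
To make the "safemath library" comparison concrete, here is an added illustration of what such a library does and does not cover. It is example code written for this thread, not Zeppelin's library and not the Parity wallet code discussed in the article; the `SafeMath` library, the `Ledger` contract and the `onlyOwner` modifier are hypothetical names chosen for the example.

```solidity
pragma solidity ^0.4.18;

// Hypothetical checked-arithmetic library in the style of a C "safemath" helper:
// every operation reverts instead of silently wrapping around at 2^256.
library SafeMath {
    function add(uint256 a, uint256 b) internal pure returns (uint256) {
        uint256 c = a + b;
        require(c >= a);        // a wrapped sum is smaller than its operand
        return c;
    }

    function sub(uint256 a, uint256 b) internal pure returns (uint256) {
        require(b <= a);        // result would underflow below zero
        return a - b;
    }

    function mul(uint256 a, uint256 b) internal pure returns (uint256) {
        if (a == 0) return 0;
        uint256 c = a * b;
        require(c / a == b);    // division check detects a wrapped product
        return c;
    }
}

// Hypothetical contract that uses the library. The library only makes the
// arithmetic safe; who is allowed to call which function is still entirely the
// contract author's responsibility, which is why a checked-math library alone
// says nothing about whether a wallet or ledger is secure.
contract Ledger {
    using SafeMath for uint256;

    mapping(address => uint256) public balances;
    address public owner;

    // Authorization is a separate concern from arithmetic safety.
    modifier onlyOwner() {
        require(msg.sender == owner);
        _;
    }

    function Ledger() public {
        owner = msg.sender;
    }

    // Credit the caller's balance; add() reverts instead of overflowing.
    function deposit() public payable {
        balances[msg.sender] = balances[msg.sender].add(msg.value);
    }

    // Debit before transferring; sub() reverts if the caller lacks funds,
    // so a withdrawal can never push a balance below zero.
    function withdraw(uint256 amount) public {
        balances[msg.sender] = balances[msg.sender].sub(amount);
        msg.sender.transfer(amount);
    }

    // Privileged path: guarded by onlyOwner, not by anything in SafeMath.
    function changeOwner(address newOwner) public onlyOwner {
        require(newOwner != address(0));
        owner = newOwner;
    }
}
```

The point of the split is the one the comment makes: `SafeMath` guarantees that `deposit` and `withdraw` cannot wrap a balance, but it has no opinion about `changeOwner`. Whether that function is reachable by the right callers is a contract-logic question, and a library that is itself well audited does not answer it for the code built on top of it.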

~~~
QML
I think you must also consider why an Ethereum auditing service would be
viable in the first place in light of two concerns:

1. Flaws in wallets often provide higher bounties, so the people who discover
vulnerabilities are more likely to exploit them than to announce them. Basically
misaligned incentives.

2. An auditing company would be taking on a substantial amount of risk
considering how underdeveloped Solidity is and the magnitude of wealth
potentially stored in a contract. I would only imagine auditing being viable for
people who want to build brand recognition rather than build a company.

------
adamnemecek
(2017)

~~~
bryanrasmussen
Thanks, I was reading two related articles on Ethereum, and one of them was in
December 2017 and I got confused and thought, oh, I won't put it in for December.

