
Ethereum Wallet and Mist Beta with Hard Fork choice - Ursium
https://github.com/ethereum/mist/releases/tag/0.8.1
======
rhodey_orbits
Ethereum brushed off my bug bounty submission and then began this hard fork
junk so I documented and packaged my exploit publicly. It hasn't gotten much
exposure yet, please have fun with it.

"Walking Past Same-origin Policy, NAT, and Firewall for Ethereum Wallet
Control" - https://medium.com/@rhodey/walking-past-same-origin-policy-nat-and-firewall-for-ethereum-wallet-control-30c29b73a057

~~~
heliumcraft
Nice post. It looks like a potential issue for someone specifically running
geth with that config, but ok for an end-user using Mist or Metamask.

~~~
rhodey_orbits
Thanks! I didn't take the time to set up Mist but my understanding is that Mist
is especially vulnerable because it's bundled with a wallet and used for
browsing DAPPS which always require the JSON API to be enabled.

~~~
heliumcraft
It's not, since Mist (and Metamask) injects the web3 object into the page; no
JSON API is used. It also displays a confirmation dialog each time a
transaction is generated. If setting up Mist is too much trouble to try this, you
can always try Metamask: https://metamask.io/

------
CydeWeys
This looks really bad from the perspective of trusting the currency to
actually retain its value. What if you end up on the wrong fork, and that
thousands of dollars in Ethereum you accepted to send out physical goods ends
up being worthless?

What's the point in saving the DAO if it kills the whole purpose behind the
currency?

~~~
Bromskloss
Won't you own Ether, and everything else, on both branches in the event of a
fork?

~~~
mcherm
Ether that you own (not related to the DAO) before the fork happens would be
unaffected by the fork. But after the fork, suppose you accept payment for
something. You can accept payment in cash, Bitcoin, Ether-on-left-side-of-
fork, or Ether-on-right-side-of-fork. I suppose you could also insist on
getting paid in BOTH "Ether-on-left-side-of-fork" and ALSO in "Ether-on-right-
side-of-fork", but that starts to get really complicated.

~~~
CydeWeys
In practice I think I'd sooner switch back to a non-forked cryptocurrency than
try to deal with running multiple forks and ensuring that I'm getting paid on
all of them. That sounds like a right huge mess to deal with, as you point
out.

------
HappyFunGuy
It's a good thing that smart contracts have allowed us freedom from human
error and bias.... I guess we can just call them "contracts." now.

~~~
aakilfernandes
Interesting idea. Perhaps we should have a system of governance of the
"contracts" whereby we elect "representatives" who appoint "judges".

~~~
goodplay
Poe's law in full effect.

If you're serious: Why not make use of existing infrastructure (current
courts, laws, etc) rather than reimplementing all that again on top of
ethereum? Also, what prevents this new layer from becoming as corrupt and
bureaucratic as the one we currently have in place?

~~~
aakilfernandes
I was being facetious :)

------
Gargoyle
I was a hardcore Ethereum fanboy, but this fork completely turned me off.

~~~
CydeWeys
Too many of the Ethereum devs had way too much of their currency tied up in
the DAO. It's a classic conflict of interest. Don't forget that Ethereum had a
significant premine as well (which is very shady in its own right), so the
early devs and adopters have a lot of ETH to throw around.

~~~
eco
> Too many of the Ethereum devs had way too much of their currency tied up in
> the DAO.

Do you have any evidence of that? I know about the address that was found in
both the Foundation wallet and as a DAO holder but I haven't seen any other
developer shown to be DAO holders. Stephan Tual would obviously be a big DAO
holder as one of the people behind it but he's not with the Ethereum
Foundation anymore (having left to work on Slock.it and The DAO).

Even if they have a conflict of interest they seem to be going out of their
way to let the community decide what to do.

~~~
bergeoisie
I'd expect that Gavin Wood has substantial DAO holdings. He might not be a
foundation member, but the way that ethcore is acting here doesn't make me
think it's operating in an unbiased fashion.

------
themgt
It's just kind of crazy to me the amount of DAO-specific lines of code that
have been put into apparently Mist and Geth, e.g. just search "DAO" on these
links [1], [2]

How many man hours have been spent on introducing a single DAO-fork
feature into the code? They didn't even build it as a generic "community
referendum fork" feature just something specific to this situation? They can
say "the community decides" but the community didn't decide to dedicate that
amount of dev resources to putting a band-aid on a single community member's
fuckup. What a mess.

[1] https://github.com/ethereum/go-ethereum/commit/1b2941cd56d69744e6121b7a590285d0faecbded

[2] https://github.com/ethereum/mist/commits/0.8.1

------
HappyFunGuy
I think this is what they call throwing the baby out with the bath water? We
didn't need immutability right?

------
HappyFunGuy
You know what's funny about a hard fork "choice?" If you don't own majority
shares, or have social influence with the majority, you get to choose to go
along with the mass, or screw yourself. Great choice!

------
yakcyll
So, uh, in layman's terms, where's the money now?

~~~
Artlav
On both sides of the fork.

The bet is that one side would die out, and most of the exchanges agreed that
they would stop operations until a clear winning fork is determined.

~~~
curiousgal
They'll only halt deposits/withdrawals. Trading will be uninterrupted.

