
Priority Queue on Ethereum with a 15 ETH Bug Bounty - HugoMelo
https://github.com/zmitton/eth-heap
======
seibelj
Cryptocurrencies, and especially Ethereum, are truly novel innovations in
computer science that cross many academic disciplines. The linked example is a
great write-up. It’s sad that there is a vocal group, especially on HN, that
knee-jerk hates everything blockchain related and wishes with their entire
being for it to fail.

However, I think smart contracts are fascinating and wish more people would
keep an open mind.

~~~
nosuchthing
The term “Smart contracts” (Ethereum/EOS/hyperledger) is often used with wild
claims for supply chains and cross border business deals, but why would any
real business want to use a public blockchain?

Smart contracts can’t even do anything interesting without a trusted source of
data input. The threat model and legal questions of smart contracts are
another huge deterrent for most businesses.

Latency, throughput, security threats, and cost are all fairly understood with
normal databases, yet with blockchain software all of these are measurably
worse.

Where are the completed successful smart contracts deployed?

Why would any person or business want/need to use an existing blockchain when
some bug or mining operator might cause a catastrophe of that system, who
would they sue for damages?

A single user who spent less than $5000 crashed the entire market for Ethereum
last summer. Most of the supply of ETH, XMR, BTC and other crypto tokens are
owned by a very small population of crypto-oligarchs.

It all seems like a marketing scheme to sell cyber beanie babies to people who
are unfamiliar with the engineering flaws in distributing computing and the
marketing lies from “investors” who need to pump the price on their magic
beans.

~~~
bonestamp2
> why would any real business want to use a public blockchain?

I think it is only important for a business when public trust is important.
For example, a news agency could publish its articles in a public blockchain
so the original article and any updates to that article would forever be
auditable from that blockchain.

~~~
simias
It's exhausting arguing with the same bogus "use cases" every other week but
here goes in short:

\- In your scenario you're not decentralized, you have a clear authority: the
news agency

\- The news agency can broadcast a signed merkle tree of the articles it
publishes alongside the normal newspaper/news program etc... For instance
through their website.

\- Anybody who cares about it could maintain a copy of this signed tree
locally.

\- If the news agency censors or edits an article anybody with a copy of the
original tree can prove it by showing that their tree has a valid signature
from the news agency and yet the hashes don't match.

There, problem solved without having to worry about proof of work, proof of
stake, transaction costs, 50% attacks of what have you.

~~~
dexen
Just because I feel like arguing a bit, here goes:

>\- _In your scenario you 're not decentralized, you have a clear authority:
the news agency_ Only due to current technical limitations. Shift to
Blockchain, get distributed news agencies, with reporters[1] residing all over
the world. Think of the time and costs saved by not having to send reporter
out of a central office

> _\- The news agency can broadcast a signed merkle tree of the articles it
> publishes alongside the normal newspaper /news program etc... For instance
> through their website._ Doesn't help a bit, given how they have total
> control over the content of the website, they could just as easily swap out
> the merkele root and claim it is the original one. Blockchain denies them
> this sleight of hand.

>\- _Anybody who cares about it could maintain a copy of this signed tree
locally._ ...and there's a well known tool for distributing that in a verified
& timestamped format - Blockchain.

>\- _If the news agency censors or edits an article anybody with a copy of the
original tree can prove it by showing that their tree has a valid signature
from the news agency and yet the hashes don 't match._ Introduces a 'he-said,
she-said' problem. Which the Blockchain neatly avoids.

[1] possibly with a lot more "citizen journalists" who do the reporting as a
side activity, rather than mostly plain old full-time journalists.

~~~
simias
>Shift to Blockchain, get distributed news agencies, with reporters

You'll have to break that one down for me. Can the blockchain also cure male
pattern baldness? Asking for a friend.

>and there's a well known tool for distributing that in a verified &
timestamped format - Blockchain.

News agencies typically already have a way to distribute information since
that's literally their job. Even if they don't they could just tweet it or
whatever. That's not really a problem.

>Introduces a 'he-said, she-said' problem. Which the Blockchain neatly avoids.

No it doesn't, if you can provide a valid signature from the "News Org" public
key that doesn't match the article's checksum then it proves that "News Org"
at some point signed conflicting data, proving that something has been
tempered with. It doesn't matter if the person pointing that out is some
anonymous user on 8chan, as long as the signature is valid it can only mean
that the news organization did something shady or that their key got
compromised.

That's the whole principle behind public key cryptography. I signed this
comment before posting it, which means that if tomorrow I delete this message
and you kept a copy you could show that I in fact authored it (or at least
endorsed it somehow):
[https://pastebin.com/XKnQSFew](https://pastebin.com/XKnQSFew)

------
40acres
Wow, great write up. Excellent example of computer science fundamentals being
used to tackle a novel problem.

I recently had to use the concept of table doubling to improve a system where
rough estimation was being used to determine the size of a data structure. It
certainly felt good to recall the concept of table doubling and design a
system using it's concepts.

~~~
zmitton
Thanks, I basically did a brain dump on the README. I plan do do many more
bounties like it in the future. Really glad it's made some traction.

------
zmitton
by the way. I deployed the same thing on the KOVAN test network at this
address (if people want to test their exploits for free first):
[https://kovan.etherscan.io/address/0xfbc23099a8bd0ce4227920d...](https://kovan.etherscan.io/address/0xfbc23099a8bd0ce4227920dc559fcfe9c7fa3ce3)

~~~
runeks
> […] if people want to test their exploits for free first […]

This sounds like a bad idea, since it would allow other people to extract the
script and put it inside a transaction that’s published on the real network,
thus unfairly claiming the bounty.

------
liorn
If I were a malicious actor with a good way to attack this, I would wait until
this was being used in real applications which deal with larger amounts of
ETH, and then attack.

Why should I reveal my cards for $3K?

~~~
michaelt
Because you know if you can find a given flaw, someone else can; and whoever
attacks second gets nothing.

------
nodesocket
Code bounties are a great use-case for cryptocurrency. I wonder if gratipay[1]
for example was built exclusively using BitCoin or Ethereum if it could have
survived?

[1] [https://gratipay.com](https://gratipay.com)

------
robertAngst
The flaws of ETH seem to show daily. The fact that this is a necessity to keep
ETH flowing is a bad sign of things to come.

Bitcoin not blockchain.

~~~
arcticbull
Or neither Bitcoin nor Blockchain. The thing is, inflation is actually what
keeps the entire economy moving. Deflationary currencies actively dissuade
investment and lending. What would a loan even look like denominated in a
deflationary currency? Lenders are incentivized not to give you the one, as
their cash reserves appreciate risk-free.

Oh, and also, why trust this random ad-hoc group of self-appointed economists
(the core dev team) over a selected group of professional economists with
degrees an arms-length away from politics (the federal reserve)? None of it
makes sense. If the core team wants to create more bitcoin _they can_. Just
like the fed.

Inflation is _not a bad thing_ \- it's solely a regular haircut for
unproductive capital. Nobody should be hoarding cash. They should invest.
Salaries are indexed for inflation so they don't go down. This isn't rocket
science.

~~~
zmitton
Your economics are all wrong. Ever heard of the Cantillon Effect?
[https://www.aier.org/article/sound-money-
project/cantillon-e...](https://www.aier.org/article/sound-money-
project/cantillon-effects-and-money-neutrality)

~~~
runeks
> The Cantillon Effect refers to the change in relative prices resulting from
> a change in money supply. The change in relative prices occurs because the
> change in money supply has a specific injection point and therefore a
> specific flow path through the economy. The first recipient of the new
> supply of money is in the convenient position of being able to spend extra
> dollars before prices have increased. But whoever is last in line receives
> his share of new dollars after prices have increased.

This theory is fundamentally flawed, because it assumes that whoever receives
the “new money” buys consumer goods. If this is indeed what happens, then
prices should increase. But what if he buys bonds?

If newly produced money is used, not to buy consumer goods (or commodities),
but bonds, then the injection of new money into the economy has the _opposite_
effect on the price level, because the new money is used to improve the
efficiency of production. E.g. if a producer of chickens sells a $250m bond
(bought with “new money”) and invests the proceeds in a chicken plant[1], the
price of chickens will _decrease_ , due to increased productivity of producing
chickens.

In the above scenario, the only price that will increase is the price of
bonds, which is the same as a falling rate of interest (the rate of interest
is inversely proportional to the price of the bond). And this is exactly what
has been happening for the past 35 years or so[2].

[1] [https://markets.businessinsider.com/news/stocks/costco-
plans...](https://markets.businessinsider.com/news/stocks/costco-plans-to-
keep-rotisserie-chicken-at-5-dollars-2018-9-1027555791)

[2] [https://awealthofcommonsense.com/wp-
content/uploads/2015/12/...](https://awealthofcommonsense.com/wp-
content/uploads/2015/12/Screen-Shot-2015-12-16-at-3.26.43-PM.png)

