$570M worth of Binance’s BNB token stolen

[matheusmoreira]

Here is the only part of the article that matters:

> The hack was caused by a bug in the bridge’s smart contract that allowed hackers to forge transactions and send money back to their crypto wallet

The bridge is BSC Token Hub:

https://www.bscscan.com/address/0x00000000000000000000000000...

This smart contract holds coins. A bug allowed someone to forge transactions with the result that they could move coins off of the contract and into to wallets that they control.

[cwkoss]

Code is law. There are no such things as bugs in smart contracts. Just unforeseen implications of the chosen contract.

[matheusmoreira]

No, those are definitely bugs. The program was obviously not intented to allow forged transactions, just like so many I/O layers were not intended to incorrectly accept malformed malicious input.

Even actual human laws have bugs and exploitable vulnerabilities. We simply call them loopholes instead. There's even a very lucrative market for them, dominated by professionals like lawyers and accountants.

[tootie]

I think that was OP's point. The code is the contract and bugs are just loopholes. Anything the code allows for is by definition part of the contract.

[parkingrift]

So you’re saying you want a… oracle? Perhaps a human one? For this decentralized peer to peer future of finance with no overlords? Come now. Surely you jest.

[icambron]

I’d say a bug is behavior not intended by the contract’s author. Laws can have bugs too.

What I do think is that you can’t really call it “forgery” or “stealing”, just like using a loophole in a law isn’t illegal.

[TomSwirly]

I think you're serious!

If you are, then a contract that does not do what you expect it to do is buggy, by any possible definition of the word.

Otherwise, well done!, you fooled me.