Interestingly enough: Poly politely asked the “hacker” for the money back and now allegedly half of it has been returned. I guess trying to cash out $600m in cryptocurrency is hard. Also of interest, exchanges were blacklisting addresses associated with the “hacker”, even though it’s fairly easy to “launder” tokens although, not $600m worth.
Is there anyone working on some better (verifiable?) approaches to crypto contracts? Or is the SotA still “you write solidity very very carefully”? I can’t imagine this approach will survive very long with various services/companies getting hacked or imploding every few weeks. Or at least don’t expect it to grow out of the on/cross chain defi speculation and pyramid schemes without changes.
At agoric.com, we’re working on smart contracts based on object capabilities, which pretty much takes the onlyOwner confused deputy risk off the table.
Partitioning risks is pretty natural with ocaps. The Zoe API with offer safety takes another huge class of risks off the table.
External security reviews, including some formal verification, is in progress.
Move is a next generation language for secure, sandboxed, and formally verified programming. Its first use case is for the Diem blockchain, where Move provides the foundation for its implementation. However, Move has been developed with use cases in mind outside a blockchain context as well.
Interestingly enough: Poly politely asked the “hacker” for the money back and now allegedly half of it has been returned. I guess trying to cash out $600m in cryptocurrency is hard. Also of interest, exchanges were blacklisting addresses associated with the “hacker”, even though it’s fairly easy to “launder” tokens although, not $600m worth.
Solidity - not even once.
Is there anyone working on some better (verifiable?) approaches to crypto contracts? Or is the SotA still “you write solidity very very carefully”? I can’t imagine this approach will survive very long with various services/companies getting hacked or imploding every few weeks. Or at least don’t expect it to grow out of the on/cross chain defi speculation and pyramid schemes without changes.
At agoric.com, we’re working on smart contracts based on object capabilities, which pretty much takes the onlyOwner confused deputy risk off the table.
Partitioning risks is pretty natural with ocaps. The Zoe API with offer safety takes another huge class of risks off the table.
External security reviews, including some formal verification, is in progress.
I think the
LibraDiem people are working on this