I've written middleware APIs for accepting currency in carts and casinos that interfaced with / polled bitcoind and other daemons. Why on earth would this person be calling APIs directly, and why would the daemon not just reject the transaction if it's an unexpected kind of token? Or if he added funds to the contract why not be able to remove them to the same address? I never dealt with smart contracts but even allowing this to happen without an error seems like a crazy, terrible design.
from the reddit comments, similar question, apparently every instruction adds gas fees to running the contract, so if you're going to use the contract a lot, you leave out any kind of validation.
>> Wow why didn't the contract creators think this through and block requests to the contract
> Because adding that check would increase the cost of every user transaction. All AMM swaps would be done with WETH so it’s the right call to not have it in there
There are, of course, other industries with financial incentives against safety features. We usually regulate them.
We can point and laugh at this one person, but according to the reddit thread they're the 265th person to make this mistake, and more than half of the money in the inaccessible account is not theirs.
And that's just for this particular token. You can go to just about any token contract and see how numerous people have sent their tokens to the contract address itself.
I hadn't even thought about this. With BTC early on, the only party to really benefit from lost coins would be "Satoshi", but his coins weren't worth anything until the currency took off anyway, so it was more important and long-term profitable to build a system that didn't lead to user anger than one that would lose coins to deflate what was already a deflationary currency. It really does show how slimy the whole cryptocurrency world has become.
I really can't think of an expression other then "lol" to sum up my response here for just how incredibly stupid this is, as a "platform of the future".
A design which actively discourages robust programming and error handling in financial software. Wow.
Ok… but then if you’re going to throw out these cases you should also address how markets can fix these issues, such as great customer service: “when I fucked up they helped me out, they’ll get more of my business”, or maybe insurance, or just better products that don’t have these issues.
Idk why people conflate libertarianism with this hyper-individualist stuff. It really isn’t the case.
Why should this person get anything back? Code is law. And if code is law all bugs are also law.
The half million was a fair and just transfer. Whoever is the recipient is fully deserving both morally and ethically of their new-found wealth.
If I was on the receiving end of this transaction, I’d thank the sender for the money and move on with my life. Of course I’d never be in the position to receive the funds because I’m not stupid enough to play this game—odds are very good I would be the one who sent half a million dollars by mistake!
I mean, I think I’m joking but not really. If you want to practice “code is law” and really mean it, this is the kinds of stuff that will happen.
The one who has the private keys to that account could give them the ETH back, yeah. But if no one has the private keys, they can not get it back, that would defeat the entire point of cryptocurrencies in the first place.
There are two types of accounts in Ethereum, externally owned accounts (EOA) and contracts. EOA are controlled by private keys where contracts are not. Since the user sent ETH to a contract, he cannot get his ETH back if the contract does not have a method to transfer ETH back. Whereas if he sent ETH to an EOA then the user of that account can send him back ETH.
But of course they can - if they are the right persons, that is. (See DAO hack. Of course, that did defeat the whole purpose of smart contracts but nobody was willing to notice.)
> See DAO hack. Of course, that did defeat the whole purpose of smart contracts but nobody was willing to notice
Of course a lot of people noticed. The problem is that cryptocurrencies are currently primarily functioning as investment object rather than an actual secure financial ledger, which is why the interest of investors will trump purity.
Low-cost insurance is an interesting idea that might actually work to smooth over some of the hard edges of "code is law".
It ought to be possible to craft an insurance policy that would pay out the $500k (or equivalent WETH/ETH) in cases like the one in this article, where the transparency of the ledger clearly shows that the tokens are unrecoverable.
As insurance companies are notorious for declining to pay out, the clear evidence trail would be helpful to allow the insuree to take the claim to a regular court for a human decision on its validity.
Not really. Having the option of a lawsuit is just a backup; the possibility is what makes sure the insurer chooses to pay without one.
An insurer that knows when it doesn't have a case and will be forced to pay (plus costs) when there's clear evidence of coverage and loss will almost always pay without a fight.
However if there are high-value decisions which are not so clear cut, then having the option to go to court or some other mediation system to settle is quite useful. One of the critisms of "code is law" is the lack of mechanism for nuanced, human intervention when something unexpected happens due to a bug, design flaw or unexpected consequence that turns out to be unreasonable.
Code can screw up at scale. And at this point if you’re capable enough to understand the edge cases and offer insurance against them, the insurance went really cover that much.
Markets don't care and they will not fix these issues, because suckers losing money is a much better market proposition than losing money on customer support.
Fo go ahead and learn some history, will you? Almost every single regulation we have in place is precisely because markets never ever fix things.
And yet, disputing charges via your bank and issuing chargebacks via VISA/Mastercard are things that definitely exist and work perfectly fine. And as long as there is no equivalent function in crypto, it won't be suitable as a currency for general use.
And no amount of mocking faux laughter will change that.
Cash transactions are done locally when you can typically inspect the object of the transaction before paying. That's why there is not the same need for these kinds of protection.
Crypto combines the worst properties of cash and wire payment into a package that has no customer protection and is almost tailor made for scammers.
There are customer protections in the form of 1) escrow 2) seller reputation 3) seller depositing some risk capital at a selling platform. That said, customer protections have never really worked for me in fiat world.
That is not entirely true. Stock exchanges will reverse some clearly erroneous trades, even when they are not required to by law, because people trade more when they feel protected against mistakes.
There are plenty of do-overs, it's called the "development phase" and involves testing things on your local computer with the team.
No one gets everything right the first time, but with a lot of testing, you can actually write software that does exactly what you think it will do, and you can achieve pretty cool stuff. Remember that humans wrote the software that took humanity to the moon!
As we know, no software has had bugs caught once launched to prod. The existence of some software that worked under this model is not evidence that it is a good model. "Just test prior to release" is not a complete solution.
Are you talking about the user from https://www.reddit.com/r/ethereum/comments/sfz4kw/did_i_just... ? And do you mean "read-only memory"? I'm not sure how that's relevant. The contract they made the transfer to is read-only yes, like any contract on Ethereum. But they could have tested the contract call with a smaller sum before actually performing the bigger one.
Just like the people writing the computer that took us to the moon, I'm pretty sure they tried it before in small-scale simulations before hooking it up to the rocket and letting it go to the moon.
The idea that people need to treat financial transactions in crypto as if they were writing software for a moon mission shows how impractical the entire space is.
If that was the case, I'd agree with you. But as outlined in the comments of this submission time and time again, it was not what happened here.
The user was not doing a normal transfer (at least, they didn't want to, but they ended up doing). They didn't know what they were doing at all, a simply Google search would have showed them the way. Using UIs instead of interacting with the contract directly would have prevented them from making the mistake they did. Doing a small test transfer before doing the big one would have revealed what was wrong as well.
It's not that I'm comparing writing software for moon missions with making cryptocurrency transactions. I was directly replying to mox1 implying that writing 100% correct code is impossible and shouldn't be attempted.
Yeah, because NASA has been utterly fucked by the congress. Because of politics it's better for NASA to spend 5x the money on 1 reliable spacecraft than to build 5 slightly less reliable spacecraft out of which only 1 fails.
Even if the economics of it don't make sense, NASA can't afford to be seen failing because because politicians will not want to fund them.
I guess my point is that NASA is an exceptionally badly managed entity, not something you'd want to aspire to. (Of course the people working at NASA are not the ones to blame for this.)
>Money matters a lot. Should this mess endure, people will forever be saying a little bit of gas would have been worth it.
That gas would probably add up to more money than has been lost here.
>And we've people with six figure arguments as to why such a check makes sense.
The gas fees of such a check would probably be higher than the losses averted, especially in the long run. And any "losses" are essentially distributed among all ETH holders anyway.
"The gas fees of such a check would probably be higher than the losses averted, especially in the long run. And any "losses" are essentially distributed among all ETH holders anyway. "
Of course not. There will be more advanced software for expert users that allows them to manually create potentially riskier transactions. That's perfectly fine.
Client software targeting end-users should have such checks.
This really doesn't line up with the reality of how most people are congregating around user friendly wallet software and steering away from the more advanced options.
You only one need one wallet software to be the official WETH-approved client, sucks for anyone else risking their money with unsupported software.
We shall see. And for me, safely and at a distance.
Frankly, the small cost of robustness in contracts should have been factored in from the beginning. It just does not need to be so damn lean and rickety.
The incentives are wrong here.
My prediction is the current state of affairs all gets ripped up and replaced after a time. And until that happens, we are likely to see activity largely limited to people who have a healthy appetite for risk.
Perhaps it all is as it should be too. Had the reverse been done, emphasis on slightly more expensive contracts that are robust and able to deny the costly errors, I would imagine others clamoring for people to adopt the rock bottom lean stacks...
There's a ton of money in providing good wallet software. Many people are making a killing by offering good UX, as offering good wallet software puts them in a prime position to offer profit-generating value added services like currency swaps.
>Frankly, the small cost of robustness in contracts should have been factored in from the beginning. It just does not need to be so damn lean and rickety.
It really doesn't seem necessary, more complicated contracts require custom frontends to interact with anyway.
There are 0 do-overs on smart contracts in production. No stopping the network for a minute to triage, no rolling back a minute, no circuit breakers. No "Error 1202, do you want to continue?" pop-up messages.
Back in the day or at least when I ran my own bitcoin node, any call against the blockchain was free. This sounds like someone charging for hitting the API on a rented node, as opposed to an actual cost imposed by the currency to consult the blockchain (?) But maybe the contract-generators aren't even running their own node, just piggybacking on someone else's API. Sure. Cheaper.
AFAIU, smart contracts on the ethereum VM can be arbitrarily complex, so you pay the network to execute them, or a random user with an infinite loop would bring down the network.
You are indeed renting a machine to run some code, and if you want many people to use your code you want to make it cheap. There's a trade off.
You can fuck up things on the BTC blockchain too, "burning" crypto by sending it to a dead address has been a thing for a long time.
It always seemed stupid to me that it was possible, compared to sending money to an invalid IBAN, but I'm not a crypto enthusiast so I may be biased.
On BTC, you could send things to the wrong address, yes. But you can't send the wrong type of currency or send it to a nonexistent address. In this case it seems like the contract has created the black hole (not the Ethereum blockchain itself), but that's even more absurd since someone ultimately should have control over everything that was put into the contract, regardless of the source.
Sending currency to non-existant addresses is how people encode arbitary data on the bitcoin blockchain, so definitely possible.
Giving a person control over the funds allocated to their smart contract probably opens holes where they can steal the smart contract's money, though obviously creating software that handles money and can't be updated is its own kettle of fish.
