Conversation

Someone stole $320M in crypto, and apparently the root cause was that whoever designed this thought it would be a good idea to check for signatures by *retroactively checking that the previous instruction was, indeed, a signature check*. What‽

Quote Tweet

Within "verify_signatures", the Wormhole program attempts to check that the thing that happened right before this function was triggered was that the Secp256k1 signature verification function was executed: github.com/certusone/worm

Show this thread

108

450

Hector Martin

@marcan42

Feb 3

I love how these people are using Rust and then building layers upon layers of second- and third-systems on top that are a fragile mess. And if they make a single mistake hundreds of millions of dollars just vanish.

163

Hector Martin

@marcan42

Feb 3

I'd say you'd think they could afford to hire security people who know what they're doing to tell them what they're doing is insane, but 1) security people who know what they're doing don't want to touch this with a 10ft pole, and 2) they'd ignore whatever they say anyway.

160

Daniel Micay

@DanielMicay

Replying to

@marcan42

twitter.com/DanielMicay/st It's an unworkable approach. I don't see how users can ever be expected to vet complex ad-hoc smart contracts even if they're developers familiar with the platform. It'd be hard enough to get it right once let alone everyone building their own contracts.

Quote Tweet

Daniel Micay

@DanielMicay

Feb 3

Replying to @0xabad1dea

There's a huge difference between the simple smart contracts supported by Bitcoin such as 3-of-5 multisig which becomes 2-of-5 multisig after 5 years vs. writing complex contracts in the equivalent of JavaScript where you're near guaranteed to have bugs/deficiencies ship with it.

6:10 AM · Feb 3, 2022Twitter Web App

Replying to

and

Trying to make a highly secure implementation of a dramatically simpler protocol like Bitcoin would already be quite difficult. I think whether smart contracts are reasonable really depends on how you define it. I don't see how any Ethereum-style approach can work out at all.

Replying to

and

A standard tiny set of conditions that's agreed upon for an application like payment channels (such as Lightning's 2-of-2 multisig and timelocks) is scary enough and deserving of an immense amount of review and debate over years. People have gotten way ahead of what's reasonable.

Show replies