I read this paper with my team. We have serious reservations about their methodology, and think their claims about impact are grossly overstated. Thread follows. https://twitter.com/motherboard/status/966738108631867392 …
In our own testing at @trailofbits, we have tools (e.g., Slither and others) that have detected _thousands_ of vulnerabilities on the public Ethereum blockchain, but most of the contracts affected are not used or are useless.
We think our work contributes to the field and have found many issues for our clients with them, but we have resisted fantastical headlines like the ones in this paper because we are aware of the caveats.
Many of the articles written about this paper have neglected to note that it was never accepted to a peer-reviewed journal, a process which exists to root out exactly these issues of bias and methodology.
Further, many journalists writing about this paper have only interviewed its authors for commentary, neglecting to speak with industry experts. Please consider myself and the team @trailofbits a source when writing about blockchain security!
In order to move this conversation forward, we’re calling on the MAIAN team to release the raw data they used to discover these issues, or share it privately with a qualified team capable of reviewing it.
Oops! Lost in Twitter's threaded replies: "For example, they could have only counted contracts with at least X transactions or contracts that received more than Y ethers. Defining some kind of low watermark is essential for reviewing contracts on public chains."
Quoting a few tweets so they show up in threaded replies: "The only contract address cited in this paper never had any ether sent to it" https://twitter.com/computerality/status/966802544247869440 …
Ethereum mainnet was once used as a testnet https://twitter.com/maurelian_/status/966810648171765760 …
It's 2018. If you publish research, publish your data too. https://twitter.com/defendtheworld/status/966801561694490628 …