Further, many journalists writing about this paper have only interviewed its authors for commentary, neglecting to speak with industry experts. Please consider myself and the team @trailofbits a source when writing about blockchain security!
In order to move this conversation forward, we’re calling on the MAIAN team to release the raw data they used to discover these issues, or share it privately with a qualified team capable of reviewing it.
Oops! Lost in Twitter's threaded replies: "For example, they could have only counted contracts with at least X transactions or contracts that received more than Y ethers. Defining some kind of low watermark is essential for reviewing contracts on public chains."
Dan Guido Retweeted Jay Little
Quoting a few tweets so they show up in threaded replies: "The only contract address cited in this paper never had any ether sent to it" https://twitter.com/computerality/status/966802544247869440 …
Dan Guido Retweeted more alien
Ethereum mainnet was once used as a testnet https://twitter.com/maurelian_/status/966810648171765760 …
Dan Guido Retweeted Alex Radocea
It's 2018. If you publish research, publish your data too. https://twitter.com/defendtheworld/status/966801561694490628 …
Replying to @dguido
Yep it's sensationalist. The multi-transactional approach is great though.
Replying to @muellerberndt @dguido
We need to deploy something that detects & shows vulns in all mainnet contracts at scale. It's not that difficult.
Replying to @muellerberndt
I think that's a bandaid for the root cause problem that the tooling allows such insecure code in the first place. You shouldn't have to wait until deploy to find out something is broken.
Replying to @dguido @muellerberndt
IMHO A tool that "detects & shows" vulnerabilities at scale is far more useful to blackhats. How many defensive teams make adequate use of Shodan or respond to alerts from ShadowServer?
At the very least, the incidence rate of vulnerabilities detected is too high. Investing effort to lower the rate would make surveillance efforts more compelling.