Ethereum’s Solidity Flaw Exploited in DAO Attack Says Cornell Researcher

Ethereum itself seems to be flawed, according to the latest developments on the DAO hack. Philip Daian, a researcher at Cornell University’s Initiative for Cryptocurrencies & Contracts, just presented his latest findings on the hack, concluding: “I would lay at least 50% of the blame for this exploit squarely at the feet of the design of the Solidity language. This may bolster the case for certain types of corrective action. I refuse to lay the blame exclusively on a poorly coded contract when the contract, even if coded using best practices and the following language documentation....”

