Last year, The DAO, a decentralized ‘autonomous’ investment fund, got hacked for $50 million. In July, a hacker was able to steal $31M of Ether by exploting a bug found in Parity’s wallets. Today, we have the worst hack yet, only this time, the stakes are even bigger and it is all just one big fuck-up.
Two days ago, a user named ‘devops199’ opened an issue on Parity’s Github, titled “anyone can kill your contract”, seemingly wanting to let Parity, a company that provides smart contracts for users of the Ethereum network, know about a vulnerability in their smart contract.
The smart contract that he was referring to, concerns a ‘multi-signature-contract’, which is used by a large amount of people as a ‘digital wallet’ to safely store their Ethereum. Apparently, this wallet had a ‘bug’ in its code. The bug, or, better said, security vulnerability, allowed Devops199 to make himself one of the ‘owners’ of the contract. This gave him the permission to do pretty much anything.
What Devops199 did then, might just be one of the most expensive mistakes ever made:
He ‘killed’ the contract.
Essentially, he deleted the function of the smart contract that allowed the owners of the Ethereum to transfer their Ethereum. He locked the Ethereum up in the contract, rendering it completely useless — forever. Still, it seems like he did not quite understand what had just happened.
“Wil ether transfer by owners work?”
No… No it won’t. You pretty much just deleted a f*ck load of money.
Essentially, everyone who used this multi-sig wallet, can no longer access their Ethereum anymore. Estimations of how much Ethereum was actually in these contracts range from $150 million USD to $300 million USD.
Parity, who also had their multi-sig wallets hacked in Juli, issued a ‘Security Alert’ once again, stating:
“We very much regret that yesterday’s incident has caused a great deal of stress and confusion amongst our users and the community as a whole, especially with all the speculation surrounding the issue. We continue to investigate the situation and are exploring all possible implications and solutions.”
The last thing that we heard from Devops199:
It should be noted that the Ethereum itself is not actually completely deleted. It still exists; it can simply not be accessed.
Imagine that 280 million USD is stored in a deposit box. Somehow, a random guy was able to walk into the bank and say he was the owner of the security box. He was handed full access without a problem and subsequently permanently deleted the key to the deposit box. This key, was completely unique and can in no way be recreated again.
At least, not under the rules of the network. There is, however, a solution to this problem. One that is pretty controversial.
When the DAO, a decentralized investment vehicle, was hacked earlier this year, the situation was fixed with a ‘hard fork’. The Ethereum foundation released a new version of their client, in which they had injected new transactions to ‘steal’ the Ether back from the hacker controlled smart contracts. Of course, technically these new transactions were against the rules of the Ethereum network, but as they were hard-coded into the Ethereum clients, the “rules” were specifically changed to allow these (and only these!) otherwise rule-breaking transactions.
However, when the decision was made to hard fork the Ethereum network to recover the funds lost during the DAO hack, a part of the network did not agree with the decision. Those who did not agree with the provided solution, believe that ‘Code is Law’, and this change is illegal. As such, they kept using the ‘original’ software instead. Suddenly, there were 2 versions of Ethereum: Ethereum, and Ethereum Classic.
Ethereum Classic still exists to this day, and at the time of writing, it’s market capitalization is about $1.3 billion USD, whereas the ‘forked’ Ethereum chain (the one that reverted the hack) is worth around $30 billion USD.
It is very doubtful that the Ethereum network will opt for a hard fork again, seeing the controversy it caused last time. No doubt, Ethereum classic would benefit as a result. After all, where is the monetary limit for the Ethereum foundation to advocate for a quick fix that goes against the rules of their own network?
Edit: The original version of this piece had a mistake in it. Thanks to Rene Schneider for correcting me on it.
It might be time to take a step back and re-think the design of smart contracts. This is not the first time a bug in one of these contracts led to gigantic sums of money being compromised. The Ethereum Foundation likes to brag that Ethereum, as a smart contract platform, is ‘turing-complete’, meaning that pretty much anything can be coded and deployed on top of it. So far, this particular choice of design has resulted in more than half a billion dollar being compromised in one way or the other.
Turing-completeness consistently leads to vulnerabilities, as a contract is naturally only as good as its developer. Ask any developer about how often they accidentally write bugs into their code, with or without noticing, and you might understand why the whole concept of un-audited ‘turing-complete’ smart contracts is terribly dangerous when there is this much money at stake. Design choices have their consequences, and at some point it is time to re-evaluate them. For example, it might make sense for a smart contracting platform to only allow the deployment of ‘pre-vetted’ smart contracts, that are made and audited by professionals.
Of course, that is a very centralized process in a decentralized system. And sure, there are many trade-offs in the meta-design of a smart contract platform. But these trade-offs are worth thinking about, because Ethereum will always be plagued by security issues if nothing changes.
Supporters of Ethereum will say that I should not blame the platform for the mistakes made by smart contract developers and that’s a valid point to some degree. However, let’s not forget that Parity is not run by some unknown, incompetent boy in his puberty, deploying his first smart contracts. No, it is founded Gavin Wood himself, one of the co-founders of Ethereum.
If even his smart contracts consistently have such flaws, how secure will the majority of Turing-complete smart contracts be in the future?
Thijs Maas is a law student with a healthy obsession for the legal challenges that arise in relation to the wave of innovation brought by distributed ledger technologies. He recently founded www.lawandblockchain.eu, a website that acts as a hub for information, insights and academic research on the subject.
P.S. Yes, I will write about the legal questions this ‘mistake’ raises soon.