ethereum broken

I've made a list of contracts which will be 100% broken after the hardfork. There is a balance in some of them, you can verify it yourself.

Some issues with the proposed hard fork: /r/ethereum/comments/57n2ql/why_i_believe_the_eip150_hardfork_may_break/

One of the responses from a core developer:

"In the former case, the call will fail with out-of-gas immediately. In the latter case, no change will be made. The EIP will never send more gas than specified to the callee."

It means every contract which uses CALL with less than 700 gas will be broken.

Now take this list: /5swFBy6h

And look at the disassembled code of any account, for example this one with 0.03 ether: /account/0x08a0d8bf5c40e95065c83211bb6a6b1a4dea9246#codeDisasm

Now search for "CALL". If there is a "PUSH" just before it, look at its value: the contract will be unusable if the value is lower than 700 (0x2bc in hex).

I've made this list by very simple static analysis, 30 minutes of work.
Contracts are dynamic, gas can be pushed by other instructions like ADD, SUB etc., so the amount of broken contracts is much bigger for sure, also because there are the other problems I linked to. Did the developers make an effort to check it?

The DAO, the distributed autonomous organization that had collected over $150m worth of the cryptocurrency ether, has reportedly been hacked, sparking a broad market sell-off. A leaderless organization comprised of a series of smart contracts written on the ethereum codebase, The DAO has lost 3.6m ether, which is currently sitting in a separate wallet after being split off into a separate grouping dubbed a "child DAO". Ether markets plunged on the news, falling below $13 in trading on the cryptocurrency exchange Poloniex. With ether currently trading at roughly $17.50 per coin, that puts the value of the stolen cryptocurrency at more than $60m. News of the hack first began to circulate on Reddit and other social media sites this morning, prompting Ethereum co-founder Vitalik Buterin to call for a pause in trading in ether markets as well as those for DAO tokens, which are used to vote on funding proposals for the decentralized group.
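The static check described in the Reddit post above, as an added example that is not part of the post: a minimal disassembler that walks EVM bytecode, skips PUSH immediates (so address bytes cannot be mistaken for opcodes) and flags CALLs whose gas operand is a literal PUSH below 700; CALLs fed by a computed value (GAS, ADD, SUB) are listed separately, since, as the post notes, a static check cannot bound them. The sample bytecode is constructed here, not a deployed contract.

```python
CALL, GAS_THRESHOLD = 0xF1, 700          # 0x2bc: the figure quoted in the post
PUSH1, PUSH32, GAS = 0x60, 0x7F, 0x5A

def disassemble(code: bytes):
    """Yield (offset, opcode, push_value_or_None). PUSH immediates are skipped,
    so bytes inside push data are never mistaken for opcodes."""
    pc = 0
    while pc < len(code):
        op = code[pc]
        if PUSH1 <= op <= PUSH32:
            n = op - PUSH1 + 1
            value = int.from_bytes(code[pc + 1:pc + 1 + n], "big")
            yield pc, op, value
            pc += 1 + n
        else:
            yield pc, op, None
            pc += 1

def find_low_gas_calls(code: bytes, threshold: int = GAS_THRESHOLD):
    """Return (fixed, dynamic): fixed = [(offset, gas)] for CALLs whose gas is a
    literal PUSH below threshold; dynamic = offsets of CALLs whose gas comes from
    GAS/ADD/SUB etc., which this static check cannot bound (as the post notes)."""
    fixed, dynamic, prev = [], [], None
    for pc, op, value in disassemble(code):
        if op == CALL:
            if prev is not None and prev[2] is not None:
                if prev[2] < threshold:
                    fixed.append((pc, prev[2]))
            else:
                dynamic.append(pc)
        prev = (pc, op, value)
    return fixed, dynamic

def _call_with_gas(gas_push: bytes) -> bytes:
    """Constructed CALL sequence: five zero args, a PUSH20 address whose bytes all
    equal 0xF1 (the CALL opcode), then the gas operand and CALL."""
    zeros = bytes([PUSH1, 0x00]) * 5
    address = bytes([PUSH1 + 19]) + bytes.fromhex("f1" * 20)
    return zeros + address + gas_push + bytes([CALL])

# Constructed sample bytecode, not a real deployed contract.
SAMPLE = (_call_with_gas(bytes([PUSH1 + 1, 0x01, 0xF4]))   # PUSH2 500: breaks
          + _call_with_gas(bytes([PUSH1 + 1, 0x02, 0xBC])) # PUSH2 700: fine
          + _call_with_gas(bytes([GAS]))                   # GAS: dynamic
          + bytes([0x00]))                                 # STOP

def count_calls(code: bytes):
    """Real CALL opcodes versus a naive byte search for 0xF1."""
    return sum(1 for _, op, _ in disassemble(code) if op == CALL), code.count(CALL)
```

A naive search for the 0xF1 byte over the sample reports 63 hits where only 3 are real CALL opcodes, which is why the immediates must be skipped before the "PUSH before CALL" rule is applied.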
The DAO was launched in May using open-source code written by Slock.it, an Ethereum-focused startup based in Germany. The DAO is designed to operate like a venture capital fund, empowering its members to fund ethereum projects. To become a voting member of The DAO, tokens were sold in exchange for ether during a month-long "creation phase" that resulted in $162m worth of ether being raised. A measure was built into The DAO code that allows for "child DAOs" to be formed, in which members could split off for various purposes. Earlier this week, word of a so-called "recursive call" attack that could be used to drain some smart contract accounts emerged following a blog post by Bitcoin Foundation founder Peter Vessenes. A solution was produced by Slock.it and uploaded to GitHub. For now, the ethers moved to the second DAO appear to be frozen. Gustav Simonsson, a member of the Ethereum Foundation that helps oversee the Ethereum codebase, posted on Reddit that the funds in question can't be spent until 14th July, as they are locked in that child DAO's creation phase.
Next steps include a possible two-part fork of the Ethereum blockchain, as explained in a note published by Buterin. The fork would not roll back or reverse any transactions, but would instead seek to prevent the further drain of ethers from The DAO by providing a mechanism for reacquiring them.

Breaking Ethereum 😈 Lessons learnt from broken contracts
10 September 2016, Thomson Reuters Hackathon
Péter Szilágyi, Ethereum Core Developer

Ether faucet – 0x793ae8c1b1a160bfc07bfb0d04f85eab1a71f4f2
} Give away 0.01 Ether to anyone, once per 24 hours... what could go wrong?
😇 Ether faucet – pwned 🙃
- Payout (0.01 Ether) is a nice amount
  - 4.1x withdrawals (48748 gas * 50 gwei)
  - 9.5x transactions (21000 gas * 50 gwei)
- Faucet security ⇔ Account uniqueness
  - 24h restriction applies per account
  - No global withdrawal throttling

Roulette – 0x5fe5b7546d1628f7348b023a0393de1fc825a4fd
- Sizeable implementation of a roulette game
- Users bet on various outcomes of a "spin"
- After each bet the contract spins the wheel
} Uses an onchain random number generator... what could go wrong?

😇 Roulette – pwned 🙃
- Miners make the chain
  - Block parameters are defined by miners
  - Included transactions are chosen by miners
- Transactions are aware of the chain
  - Block parameters are shared between them
  - Contracts decide at runtime how to invoke others

Etherdice – 0x2faa316fc4624ec39adc2ef7b5301124cfb68777
- Fairly involved dice game
- Owner seeds round with hidden number
- Players bet on outcomes with own numbers
- Owner reveals the number, evaluating the round
} Iterate over all accumulated bets in one go... what could go wrong?
😇 Etherdice – self pwned 🙃
- Blocks have limited gas allowances
  - Limits the transactions in a block
  - Limits the gas of a single transaction
- Etherdice iterated all bets when closing a round
  - Gas usage increased linearly with popularity 😕
  - Reaching critical mass, the contract locked up 🙃

GovernMental – 0xf45717552f12ef7cb65e95476f217ea008167ae3
- Twisted Ponzi scheme with smart contracts
- Newcomers invest money to become members
- Members earn returns from newcomer investments
} Casually reset the contract at round end... what could go wrong?

😇 GovernMental – self pwned 🙃
- Contract storage in EVM is a single hash map
  - All contract fields map into the same storage area
  - Array elements map into the same storage space too
- Freeing up a field ⇔ zeroing out a storage entry
  - Freeing up an array ⇔ freeing all associated entries

King of the Ether – 0xb336a86e2feb1e87a328fcb7dd4d04de3df254d0
- Game of Thrones pyramid contract
- Usurpers pay the ether-price for the throne
- The ruler is paid and mysteriously disappears
} Send blindly to compensate the previous ruler... what could go wrong?
😇 King of the Ether – broken 🙃
- Sending funds is an external CALL operation
  - Recipient execution limited to 2300 gas
  - Returns whether the send succeeded
- But what if the ether transfer failed?
  - Not caring easily breaks invariants!

MakerDAO – 0xe02640be68df835aa3327ea6473c02c8f6c3815a
- Contracts and frameworks for an on-chain crypto exchange
- Users deposit and trade various tokens (and Ether)
- Users are free to withdraw coins at any point
} Send funds with full gas allowance... what could go wrong?

😇 MakerDAO – preventive pwned 🙃
- Calling another contract relinquishes execution
  - Arbitrary code may execute (different context)
  - Entire granted gas allowance may be consumed
- Recipient may have enough gas to call further
  - Can update multiple related contracts (good)
  - Can call back in to the original contract (hmmm)

Pre-homestead multisig wallet
- Wallet contract requiring multiple authorizations
- To save on deploy: user → stub (multi) → code (single)
- Context needs to be forwarded down the call chain
} Simply use tx.origin for authentication... what could go wrong?
😇 Pre-homestead multisig wallet – swapped before pwn 🙃
- Pre-homestead, libraries used CALLCODE
  - Forwards runtime context, except msg.sender
- Libraries relied on tx.origin to authorize the transactor
  - Internal transactions retain the same tx.origin
  - My nested contracts can authorize me (good)
  - Not my nested contracts can reenter as me (oops)

TheDAO – 0xbb9bc244d798123fde783fcc1c72d3bb8c189413

Beer keg – 0x629469c8db3a4d7bcc3a823effcf8900119ba7e7
- Untappable beer contract
- A round of beer inside (5 Ether)
- Crack it open? Have a round on me!
} Legacy of the fallen ones... ଘ(੭*ˊᵕˋ)੭

- Accounts are free, instantaneous and infinite! (20 Ether)
- Blockchain state is free for all to use and abuse! (150 Ether)
- Operations above O(1) will exceed the gas limit! (5192 Ether)
- Understand and avoid magical constructs! (1100 Ether)
- Anything that can go wrong, will go wrong! (42 Ether)
- External calls will eventually loop back in!
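The King of the Ether lesson from the slides (a send is a CALL limited to the 2300-gas stipend, it returns whether it succeeded, and not caring breaks invariants), as an added Python model that is neither the talk's nor the contract's code: a blind-send throne loses track of the money it holds when a payout to a contract wallet fails, while a pull-payment variant (an assumed fix, using the effect-before-interaction ordering the MakerDAO slide argues for) keeps its books balanced even when the same payout fails. The gas figure for the wallet's fallback and the simplified accounting are assumptions of the model, not EVM semantics.

```python
SEND_STIPEND = 2300  # gas forwarded by send(), per the slide; other figures are assumptions
class Account:  # fallback_gas: gas the recipient's code needs to run; 0 for a plain EOA
    def __init__(self, fallback_gas=0):
        self.fallback_gas, self.balance = fallback_gas, 0

def send(contract, to, amount):
    """2300-gas send: returns False (never raises) if the recipient needs more gas or funds are short."""
    if amount > contract.balance or to.fallback_gas > SEND_STIPEND:
        return False
    contract.balance -= amount
    to.balance += amount
    return True

class ThroneBlind:  # vulnerable shape: the previous ruler is paid with a blind send
    def __init__(self):
        self.balance, self.king, self.price = 0, None, 1
    def claim(self, usurper):
        if self.king is not None:              # throne taken: buy the ruler out
            self.balance += self.price         # usurper's payment arrives
            send(self, self.king, self.price)  # result ignored: ruler may go unpaid
            self.price *= 2
        self.king = usurper

class ThronePull:  # hardened shape: credit the payout, let the ruler pull it later
    def __init__(self):
        self.balance, self.king, self.price, self.owed = 0, None, 1, {}
    def claim(self, usurper):
        if self.king is not None:
            self.balance += self.price
            self.owed[self.king] = self.owed.get(self.king, 0) + self.price
            self.price *= 2
        self.king = usurper
    def withdraw(self, who):
        amount = self.owed.get(who, 0)
        self.owed[who] = 0                     # effect before interaction
        if not send(self, who, amount):
            self.owed[who] = amount            # failed send: keep the credit
            return False
        return True

def books_balance(throne):  # invariant: every wei held is owed to a known account
    return throne.balance == sum(getattr(throne, "owed", {}).values())

def play(throne_cls):
    """Constructed scenario: a wallet contract needing 5000 gas takes the throne, a plain account usurps it."""
    wallet, alice = Account(fallback_gas=5000), Account()
    throne = throne_cls()
    throne.claim(wallet)
    throne.claim(alice)
    return throne, wallet
```

With the blind send the contract ends up holding 1 ether that nobody is recorded as being owed, which is exactly the broken invariant the slide warns about; the pull version still cannot pay the wallet, but it knows it owes the money.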