Comment This issue preventable with formal verification (Score 0) 44
There's an entire branch of formal language theory and information security dedicated towards making grammar explicit and unexploitable by reentrance issues like these. It's called language-theoretic security, or langsec for short.
http://langsec.org/
This is actually a solved problem, and Ethereum, if it was made by smart people, could have structured its contracts in a manner that was subject to formal verification. It was not made by smart people, and formal verification is impossible. They did not consult with langsec experts or read any of the relevant papers to prevent parse tree differential attacks before wrapping hundreds of millions of dollars of deposits in this thing. What they have done is a level of negligence that should be criminal.
The effective market value of all of Ethereum is $0 when people understand this. It cannot be secured as it was written by the developers. Smart contracts are an interesting idea and could happen in the future -- but not without roots of formal verification. This is a fraud as big as Theranos at this point.