2 comments

[ 2.8 ms ] story [ 12.6 ms ] thread
That is brilliant, love to see these getting pwned, and via such silly little bugs too.

Amusing to see that the developers so quietly patched it. I do wonder if they noticed the exploit themselves or were informed of it by an interested third party.

I keep seeing these posts about smart contracts that contain failures that I feel should be super basic for someone specialised in writing smart contract code. Sometimes it's a contract that gets stuck, other times it's a contract that doesn't check if the money was already redeemed.

Do the people setting up these platforms not automatically check for these flaws? Static code analysis has come a long way for normal programming languages and a cursory Google search comes up with at least 4 analysers and 2 fuzzers for these things. Are these tools not mature enough or did the devs simply neglect to run them?