That is brilliant, love to see these getting pwned, and via such silly little bugs too.
Amusing to see that the developers so quietly patched it. I do wonder if they noticed the exploit themselves or were informed of it by an interested third party.
I keep seeing these posts about smart contracts that contain failures that I feel should be super basic for someone specialised in writing smart contract code. Sometimes it's a contract that gets stuck, other times it's a contract that doesn't check if the money was already redeemed.
Do the people setting up these platforms not automatically check for these flaws? Static code analysis has come a long way for normal programming languages and a cursory Google search comes up with at least 4 analysers and 2 fuzzers for these things. Are these tools not mature enough or did the devs simply neglect to run them?
2 comments
[ 2.8 ms ] story [ 12.6 ms ] threadAmusing to see that the developers so quietly patched it. I do wonder if they noticed the exploit themselves or were informed of it by an interested third party.
Do the people setting up these platforms not automatically check for these flaws? Static code analysis has come a long way for normal programming languages and a cursory Google search comes up with at least 4 analysers and 2 fuzzers for these things. Are these tools not mature enough or did the devs simply neglect to run them?