Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mitra.vpclmulqdq.moe/objects/018b4d0e-abbd-f1f3-2a1b-33de96a910a3">Grey Area (greyarea@mitra.vpclmulqdq.moe)'s status on Saturday, 21-Oct-2023 00:46:36 JST</a><a href="https://mitra.vpclmulqdq.moe/users/greyarea" title="greyarea@mitra.vpclmulqdq.moe"><img src="https://gnusocial.jp/avatar/160416-48-20230815135216.webp" width="48" height="48" alt="Grey Area" style="position: absolute; left: 0; top: 0;">Grey Area</a></section><article><p>As an unsolicited opinion since smart contract languages came up in my feed, the whole "smart contract" concept is nice in theory but terrible in practice, because:</p><p>- Regardless of language[1], people can't code their way out of a wet paper bag.<br>- The testing/debugging/verification tooling is one of non-existent, shit,<br>or complicated/exotic[2].<br>- By it's very nature, errors lead to irreversible damage, and architectural changes that mitigate "programmer fucked up, sorry for your loss, have fun staying poor" go against the crypto ethos.</p><p>I want my digital currency alternatives to be as stupid as possible, and as private as possible (which also is a losing battle due to politics, but that's another rant).</p><p>[1]: Not even crab-lang can save your smart contract from developer errors. <a href="https://www.certik.com/resources/blog/1kDYgyBcisoD2EqiBpHE5l-wormhole-bridge-exploit-incident-analysis">https://www.certik.com/resources/blog/1kDYgyBcisoD2EqiBpHE5l-wormhole-bridge-exploit-incident-analysis</a><br>[2]: See <a href="https://github.com/AU-COBRA/ConCert">https://github.com/AU-COBRA/ConCert</a> for an example of tooling that should be mandatory.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2211357#notice-4348189">In conversation</a><time datetime="2023-10-21T00:46:36+09:00" title="Saturday, 21-Oct-2023 00:46:36 JST">Saturday, 21-Oct-2023 00:46:36 JST</time> <span>from <span><a href="https://mitra.vpclmulqdq.moe/objects/018b4d0e-abbd-f1f3-2a1b-33de96a910a3" rel="external" title="Sent from mitra.vpclmulqdq.moe via ActivityPub">mitra.vpclmulqdq.moe</a></span></span><a href="https://mitra.vpclmulqdq.moe/objects/018b4d0e-abbd-f1f3-2a1b-33de96a910a3">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: images.ctfassets.net</div><h5><a href="https://www.certik.com/resources/blog/1kDYgyBcisoD2EqiBpHE5l-wormhole-bridge-exploit-incident-analysis">Wormhole Bridge Exploit Incident Analysis - Blog - Web3 Security Leaderboard</a></h5><div></div></header><div>TL;DR
On February 02, 2022 at 5:58 PM +UTC, a malicious actor launched multiple attacks aiming to bypass the verification process of the Wormhole bridge on Solana. The attacker carried out the second-largest crypto theft from a DeFi protocol ever, which resulted in the loss of roughly 120,000 Wormhole Ethereum (WeETH) worth over $320M.</div><footer></footer></article></li><li><article><header><div>Domain not in remote thumbnail source whitelist: opengraph.githubassets.com</div><h5><a href="https://github.com/AU-COBRA/ConCert">GitHub - AU-COBRA/ConCert: A framework for smart contract verification in Coq</a></h5><div></div></header><div>A framework for smart contract verification in Coq - GitHub - AU-COBRA/ConCert: A framework for smart contract verification in Coq</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Grey Area (greyarea@mitra.vpclmulqdq.moe)'s status on Saturday, 21-Oct-2023 00:46:36 JST Grey Area
As an unsolicited opinion since smart contract languages came up in my feed, the whole "smart contract" concept is nice in theory but terrible in practice, because:
- Regardless of language[1], people can't code their way out of a wet paper bag.
- The testing/debugging/verification tooling is one of non-existent, shit,
or complicated/exotic[2].
- By it's very nature, errors lead to irreversible damage, and architectural changes that mitigate "programmer fucked up, sorry for your loss, have fun staying poor" go against the crypto ethos.
I want my digital currency alternatives to be as stupid as possible, and as private as possible (which also is a losing battle due to politics, but that's another rant).
[1]: Not even crab-lang can save your smart contract from developer errors. https://www.certik.com/resources/blog/1kDYgyBcisoD2EqiBpHE5l-wormhole-bridge-exploit-incident-analysis
[2]: See https://github.com/AU-COBRA/ConCert for an example of tooling that should be mandatory.
In conversationSaturday, 21-Oct-2023 00:46:36 JST from mitra.vpclmulqdq.moepermalink
Attachments
1. Domain not in remote thumbnail source whitelist: images.ctfassets.net
  Wormhole Bridge Exploit Incident Analysis - Blog - Web3 Security Leaderboard
  TL;DR On February 02, 2022 at 5:58 PM +UTC, a malicious actor launched multiple attacks aiming to bypass the verification process of the Wormhole bridge on Solana. The attacker carried out the second-largest crypto theft from a DeFi protocol ever, which resulted in the loss of roughly 120,000 Wormhole Ethereum (WeETH) worth over $320M.
2. Domain not in remote thumbnail source whitelist: opengraph.githubassets.com
  GitHub - AU-COBRA/ConCert: A framework for smart contract verification in Coq
  A framework for smart contract verification in Coq - GitHub - AU-COBRA/ConCert: A framework for smart contract verification in Coq

Public

Embed Notice

HTML Code

Corresponding Notice