1

Any piece of code will have some degree of vulnerability, and any such code that attracts any level if attention is bound to be exploited through these vulnerabilities.

In conventional (centralised) systems, these vulnerabilities are handled through regular incremental updates that the originator distributes to patch against any vulnerabilities discovered over time.

How are smart contracts vulnerability exploits meant to be secured against over time? Assuming that the code is free from exploits on deployment surely cannot be a solution.

eth
  • 85,679
  • 53
  • 285
  • 406
zanzu
  • 5,360
  • 4
  • 25
  • 43
  • Related: http://ethereum.stackexchange.com/questions/2404/upgradeable-contracts – eth Jun 19 '16 at 06:36
  • Thanks eth. Indeed thread 2404 is related and relevant to this thread. This questionhighlights the significance of "upgradeability"- not just as a vehicle for functional enhancements, but also for the continuing safe execution of the contract (under the premise that no contract with some degree of complexity will be free from vulnerabilities). As recent events have shown even the best experts can write vulnerable code (as if this need proving), and better (embedded) frameworks than the DIY approaches in thread 2404 will be needed to prevent the (dangerous) proliferation of unmaintable code. – zanzu Jun 19 '16 at 07:13
  • Agree better tools are needed. Is there another question you are asking, or does closing to 2404 work? There are ~2-4 other questions IIRC like 2404 that I've been trying to group together, and I don't think a 5th question on the topic is going to help people find good answers... – eth Jun 19 '16 at 07:33
  • 1
    Happy to close and use 2404 as the master. – zanzu Jun 19 '16 at 07:35

0 Answers0