    Greg Colvin
    @gcolvin
    Old Talking Heads song lyric.. lots of bugs and backdoors go unnoticed.
    Seems the owner can take ownership at the time of replacement?
    Nick Johnson
    @Arachnid
    anyone could take ownership at the time of replacement
    Seriously, we're talking about commenting out one line of code, followed by independent review by at least 3 client teams. How would you sneak a back door into that?
    Greg Colvin
    @gcolvin
    No way to provide a better mechanism for replace-deleted-contract-by-owner?
    And are all the similar bad contracts so easily patched?
    Nick Johnson
    @Arachnid
    I'm not sure; that could be reviewed on a case by case basis. All of this is hypothetical, since nobody involved with the original code has proposed a fix yet anyway.
    Jim McDonald
    @mcdee
    Every buggy contract is buggy in its own way (as we're doing quotes)
    Greg Colvin
    @gcolvin
    ^ what he said
    Nick Johnson
    @Arachnid
    I cannot think of any variant of the replacing deleted contracts suggestion that isn't a terrible idea I will fight tooth and nail against introducing, though
    But I'm always happy to be surprised
    Greg Colvin
    @gcolvin
    But you are proposing one now? ;)
    Nick Johnson
    @Arachnid
    No?
    Greg Colvin
    @gcolvin
    As usual, I get lost with more than two people in a conversation. No what?
    Nick Johnson
    @Arachnid
    I assume you were talking about the suggestions that have been mooted to add a general provision to allow contract creators to recreate or replace deleted code
    I was talking instead about the practicality of a one off change to the code hash of one contract
    Greg Colvin
    @gcolvin
    Oh. Practical, but not acceptable unless it applies to all similar situations.
    Which we maybe don’t want to get into.
    Jim McDonald
    @mcdee
    I think that regardless of the solution the problem is going to be that if there is any suggestion that lost funds can be recovered then everyone will not only desire but expect their funds to be recovered. They'll not bother to spend too long learning about the situations in which recovery is feasible, sane or desirable but instead will make noise. Could become very ugly very quickly. But as I'm in the peanut gallery for this one I'll duck out now.
    Greg Colvin
    @gcolvin
    Is my idea of letting callers of the replacement opt-in unworkable?
    Nick Johnson
    @Arachnid
    What other similar situations are there? I feel like we would have heard about them
    @gcolvin I don't know; how would it work?
    @mcdee I agree
    And I'm likewise going to retire to the sidelines and wait to see if anyone involved actually puts forward any proposals, instead of arguing about hypothetical feasibility.
    Greg Colvin
    @gcolvin
    I proposed above that we replace deleted contracts with a contract that allows the owner of the contract account to redirect to arbitrary code and the caller of the deleted contract to signal whether they want that to happen. @Arachnid
    Nick Johnson
    @Arachnid
    Nobody is suggesting "going back in time"
    Nobody in here, then.
    And nobody else I'm aware of.
    Why do you think recovering lost funds has to require "going back in time"?
    I once had my bike stolen; it was recovered and returned to me. No time travel was involved.
    Well, then you should clarify what you mean by it.
    hughlang
    @hughlang
    I think the name of this group and the topic at hand is just a honeypot for snarkiness and trolls
    Ok, I see what you are
    Nick Johnson
    @Arachnid
    @phalexo Then again, I recommend you clarify what you're actually talking about.
    What are your ledgers, and what disaster?
    Nick Johnson
    @Arachnid
    What sort of disaster are you hypothesising in which a backup would be required?
    Nick Johnson
    @Arachnid
    So, you're asking, in a channel related to ether recovery, if you should back up the state of your contracts against some unspecified disaster, but have no idea what the disaster might be or why it would occur?
    Greg Colvin
    @gcolvin
    @Arachnid Not sure if this got lost in other discussion or is just a bad idea

    I proposed above that we replace deleted contracts with a contract that allows the owner of the contract account to redirect to arbitrary code and the caller of the deleted contract to signal whether they want that to happen.

    So a replaced contract continues to appear deleted to a caller until that caller signals that it accepts the replacement.
    Martin Holst Swende
    @holiman
    How would a caller signal that? The caller contract cannot change its way of calling @gcolvin
    Greg Colvin
    @gcolvin
    Can the called contract know who is calling?
    Greg Colvin
    @gcolvin
    That's only a semi-rhetorical question, @holiman, as I’m in the midst of trying to answer it myself from the yellow paper. I’m pretty sure the answer is yes, as transactions get signed with the sender's private key.
    So I imagine the owner of the caller of the deleted contract would need to execute a transaction signed with the same private key to signal the proxy that it accepted the replacement. That fact goes in storage, and from then on calls by that private key redirect to the replacement code. (Or something like that.)
    Nick Johnson
    @Arachnid
    What's to stop me, the deployer of the deleted library, from replacing it with one that gives me all the money, then calling the wallets and saying "yes, I accept the new code"?
    Matthew P. Schmidt
    @Smithgift
    Out of curiosity, why do you consider the "replacing deleted contracts" variations a bad idea? It seems the simplest fix for the Parity situation to me. (I'm not necessarily endorsing it at that.)
    Nick Johnson
    @Arachnid
    The general suggestions involve allowing any contract creator to replace a deleted contract with anything they like. That violates important invariants in Ethereum.
    Matthew P. Schmidt
    @Smithgift
    Ah. Agreed on that. But if it's just a one-off Parity fix, then I think the cost is that of making an exception in the first place.
    Nick Johnson
    @Arachnid
    I agree.
    Federico Bond
    @federicobond
    I think of selfdestruct as a mechanism for reclaiming space from unused contracts, coupled with a small economic incentive to doing so, not as a way to change any of the behaviour of the code at a certain address. This makes even more sense when we consider incentives for hibernating contracts under a system that charges storage rent. I have read/skimmed this whole thread but I don't think I have correctly understood the objections to letting anyone resuscitate a contract with the same code AND STORAGE that it had at the point selfdestruct was called.
    Greg Colvin
    @gcolvin
    @federicobond The problem is that if the deleted code had a bug then resurrecting it won’t help matters.
    @Arachnid @holiman I’m not sure I understand your question, Nick, though the answer might be, “Nothing, but why does it matter?” My idea goes like this.
    Greg Colvin
    @gcolvin
    The fork itself replaces deleted contracts with a proxy. The proxy has methods to
    1) Set where the proxy can redirect to. Only the owner of the contract account can call this, and only once.
    2) Let a potential caller see what the redirection is, if any.
    3) Let a potential caller signal that it wants to be redirected. This reverts if no redirection has been set.