I blogged about this recently. Solidity is a LANGSEC failure, IMO, specifically because it is Turing complete:
https://tonyarcieri.com/a-tale-of-two-cryptocurrencies Particularly interesting, I think, is this paper describing how similar problems come up in objcap systems and recursion: https://ssrg.nicta.com.au/publications/papers/Murray:phd.pdf Bitcoin's scripting language was intentionally *not* Turing complete, and I think that was a wise decision. On Wednesday, July 27, 2016, Carter Schonwald <carter.schonw...@gmail.com> wrote: > yes it is unsound. in some respects its worse than C / PDP11 style > systems. but without the decades of investment in software assurance tools > that still aren't where they should be > > > please note that this is my professional/personal opinion as a PL / > computer science researcher, and is strictly my opinion rather than > official stance of any organizations i may or may not be affiliated with :) > > -Carter > > > > > On Wed, Jul 27, 2016 at 1:38 PM, Nils Dagsson Moskopp < > n...@dieweltistgarnichtso.net > <javascript:_e(%7B%7D,'cvml','n...@dieweltistgarnichtso.net');>> wrote: > >> Hi, >> >> I have a question regarding the Ethereum cryptocurrency: If Ethereum >> contracts (i.e. programs for the Ethereum virtual machine) can be turing >> complete, does that mean that it is impossible to verify their behaviour >> in general? It seems to me the foundations of Ethereum are not sound. >> >> For more Information, see: <https://en.wikipedia.org/wiki/Ethereum> >> >> Greetings, >> -- >> Nils Dagsson Moskopp // erlehmann >> <http://dieweltistgarnichtso.net> >> >> _______________________________________________ >> langsec-discuss mailing list >> langsec-discuss@mail.langsec.org >> <javascript:_e(%7B%7D,'cvml','langsec-discuss@mail.langsec.org');> >> https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss >> >> > -- Tony Arcieri
_______________________________________________ langsec-discuss mailing list langsec-discuss@mail.langsec.org https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss
