by louprado 3654 days ago
"Simple Contracts are Better Contracts" has always been the mantra of the Ethereum and DAO team. Most times when a security question was raised, "simple contracts" was their de facto answer [1].

This exploit suggests that the most competent developers in this space, who always preached simple contracts, are not yet able to consistently write secure contracts.

Also, the OP states the importance of being able to update a contract. As of last year that meant the original contract MUST include a self-modifying code provision. Self-modifying code doesn't align well with keeping your code simple.

As an aside, "contracts" are Ethereum's raison d'être and the Ether currency value is largely based on adoption. Even though this exploit did not expose a flaw in the Ethereum block chain, the Ether sell-off is an expected consequence.

Lastly, does anyone have a link to the original contract code and how it could be rewritten so that it isn't vulnerable to this exploit?

[1] https://www.youtube.com/watch?v=cahj4WJtp20 Q&A at 42m44s is relevant.

Edit: corrected time stamp for above video

1 comments

"Most competent developers"? There are probably thousands of better informed developers/researchers who would not attempt to set up such a company before they have stronger formal guarantees.

Of course, if you want to be first-to-market, none of that seems to matter.

Strong formal guarantees are complicated, see? And we run around telling ourselves that simple is better, so we keep writing shit code.
Most Competent Marketers