[Taek]

Most of the bitcoin researchers have thoroughly convinced themselves that Proof of Stake is not achievable with acceptable levels of security, and for good reason. The reason you don't see more active research on Proof-of-Stake is that it is thought to only lead to dead ends.

[fredcy]

Tezos will use Proof of Stake. They have a development version working now and there is good reason to expect a production version within a year.

[billmalarky]

The Ethereum team is serious about proof of stake.

[indigochill]

Ethereum has not shown a particularly strong track record when it comes to security, so I think the comment stands until they address that or get replaced by the next hotness.

[tekromancr]

I think that statement is a little disingenuous. There haven't been any attacks that target Etherium proper, only bugs in smart contracts riding on top of Eth.

[davidgerard]

> I think that statement is a little disingenuous. There haven't been any attacks that target Etherium proper, only bugs in smart contracts riding on top of Eth.

This is a bit No True Scotsman. It's like "secured by math!" about Bitcoin - the ecosystem is rife with fraud and error.

So too with Ethereum. Given that smart contract functionality is literally Ethereum's unique selling point, you can't claim that is somehow not something that can be discussed as a problem with Ethereum. They broke the immutability guarantee for one bad smart contract, after all.

You really can't say "Ethereum is completely secure!! Except for everything that people actually use it for" without being more than a little disingenuous yourself.

[darawk]

It is, thus far, completely secure. The fact that SQL injection bugs exist does not negate the security of HTTP. The fact that stack overflow bugs exist does not make x86 insecure. The primitives you are provided are secure - how you use them may not be.

Now you may legitimately argue that Ethereum is poorly designed to encourage secure contract authorship. And I would agree with you in many respects. But that is a distinct concern from the security of Ethereum itself. Conflating the two is at best confusing and at worst maliciously spurious.

[indigochill]

I don't mean that I have concerns about Ethereum itself, just the fact that it's currently too easy to write insecure contracts. And there has been some low-hanging fruit in remedying that, such as the whole "functions are public unless otherwise specified" thing.

[jethro_tell]

Only a 31MM dollar bug, nothing to see here, we're secure.

WAT?

[tekromancr]

Again, the bug was in the application layer, not the protocol layer. That's like saying that HTTPS is broken because you can do SQLi against someone's poorly coded website.

[patmcguire]

I believe it's not core Ethereum that has issues, it's buggy smart contracts. They don't make it particularly difficult to write insecure contracts, though.

[darawk]

Ethereum actually has a better security track record than Bitcoin does [1]. It's the contracts on top of Ethereum that are the problem. Calling those incidents Ethereum security problems is like calling a Windows 0day an Intel security problem.

1. https://en.bitcoin.it/wiki/Value_overflow_incident

[crummel]

If Ethereum is forking because of contract problems, then an Ethereum contract problem is an Ethereum problem.