Hacker News
by derefr 2527 days ago
> It's not like it's spelled out in the contract

I mean, it is, just not in those words. What we're talking about here is a vulnerability in the contract, in the software-security sense. Everyone should be reading contracts the same way they read source code during a security audit: under the assumption that all parties involved have malicious intent and are trying to destroy one another 100% of the time. So when a contract says "we can do X", it must be read as "we can do X to make us succeed at your expense." Just like when code says "this module can do X", it must be read as "an attacker having gained control of this module can do X to succeed at your expense."