Your type is not type
The sCrypt code of the prediction market vala.ai (you can find the code here) had a bug that allowed anyone to steal the money in every market with fewer than 3 choices. This bug existed, in my opinion, because the type system of sCrypt doesn't offer sufficient safety guarantees: to exploit it you have to use a public key that is too long to possibly be a public key (even though in the code it has the type PubKey), and you have to make a collision between sha256(publickey + somestuff) and sha256(leftsubroot + rightsubroot). That collision would be impossible if there were only a function "hash" that used a different hash function every time unless specified otherwise; the programmer would then have specified that the root of the Merkle tree has the type "HASH1" and the leaves the type "HASH2". (The bug is now fixed, and the site is safe to use.)
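As an added example (written here in Python, not taken from the vala.ai contract or from sCrypt), this Merkle proof verifier applies the two fixes the post argues for: a length check that the PubKey type did not enforce, and domain separation between leaf hashes and internal-node hashes (the "HASH2" versus "HASH1" distinction), so that a leaf preimage can never have the shape of left||right. The tag bytes, the 33-byte key length and all function names are my assumptions.

```python
import hashlib

# Constructed constants (assumptions, not values from the vala.ai contract):
LEAF_TAG = b"\x00"   # domain tag for leaf hashes    ("HASH2" in the post)
NODE_TAG = b"\x01"   # domain tag for internal nodes ("HASH1" in the post)
PUBKEY_LEN = 33      # compressed public key; the check the PubKey type lacked
DIGEST_LEN = 32      # sha256 output length

def hash_leaf(pubkey: bytes, payload: bytes) -> bytes:
    """Leaf hash: reject anything that cannot be a public key, then tag the input."""
    if len(pubkey) != PUBKEY_LEN:
        raise ValueError("pubkey has wrong length: %d" % len(pubkey))
    return hashlib.sha256(LEAF_TAG + pubkey + payload).digest()

def hash_node(left: bytes, right: bytes) -> bytes:
    """Internal node hash: a different tag, so it can never equal a leaf hash."""
    if len(left) != DIGEST_LEN or len(right) != DIGEST_LEN:
        raise ValueError("child hashes must be 32 bytes")
    return hashlib.sha256(NODE_TAG + left + right).digest()

def build_levels(leaf_hashes):
    """Bottom-up levels of the tree; an unpaired node is carried up unchanged."""
    levels = [list(leaf_hashes)]
    while len(levels[-1]) > 1:
        cur, nxt = levels[-1], []
        for i in range(0, len(cur), 2):
            nxt.append(hash_node(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i])
        levels.append(nxt)
    return levels

def merkle_proof(leaf_hashes, index):
    """List of (sibling_hash, sibling_is_left) pairs from the leaf up to the root."""
    proof = []
    for level in build_levels(leaf_hashes)[:-1]:
        sib = index ^ 1
        if sib < len(level):
            proof.append((level[sib], sib < index))
        index //= 2
    return proof

def verify(root: bytes, pubkey: bytes, payload: bytes, proof) -> bool:
    """Recompute the path to the root; hash_leaf raises on an over-long 'public key'."""
    h = hash_leaf(pubkey, payload)
    for sibling, sibling_is_left in proof:
        h = hash_node(sibling, h) if sibling_is_left else hash_node(h, sibling)
    return h == root
```

With both checks in place, a 64-byte value (the length of two concatenated child hashes) is refused before any hashing happens, and even without the length check the differing tags keep the leaf and node hash domains apart.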