Reading the article again, it really does seem like the people behind the Beanstalk #stablecoin hadn't engaged professional security people before they structured their "smart contract".
For one thing, the only way to remove the reserve currency & #cryptocurrency used to pin the bean's value to the dollar should have been to surrender an equivalent value of the bean cryptocurrency for destruction.
For another, there should have been a delay between purchasing the coin and obtaining the voting rights it brings. This allows someone to notice large swings in bean ownership, so they can possibly try to counteract it.
And finally, just because computers and the Internet allow transactions to be rapidly performed does not mean that every transaction must be performed speedily. If the outbound funds transfer is slow enough, someone may be able to stop it before it completes.
Yes, each of these comes with its own negatives. But overall, if the only way to extract funds is to surrender equivalent value of stablecoin, and if both rigging elections and transferring loot take a substantial time period, the thief is likely paying interest to someone. Raise their costs and reduce the likelihood of success enough and the DAO may scare off most of the people who would attempt such things.
I haven't checked further, but I presume Beanstalk is winding down, unless someone comes along and re-funds it enough to validate the pin again.
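
The three controls proposed in the post above (redemption as the only exit, a holding period before coins carry votes, and a delayed, cancellable payout), modelled as an added example that is not part of the original post and is not Beanstalk's contract code. The class name, method names and both delay values are hypothetical choices made for illustration.

```python
# Toy model (constructed for illustration; not Beanstalk's contract code).
VOTE_DELAY = 7 * 24 * 3600      # assumed: seconds before new coins carry votes
PAYOUT_DELAY = 2 * 24 * 3600    # assumed: seconds a withdrawal stays cancellable


class ToyStableDAO:
    def __init__(self):
        self.reserve = 0          # collateral backing the peg
        self.beans = {}           # holder -> coin balance
        self.acquired = {}        # holder -> time of most recent purchase
        self.pending = {}         # ticket -> (holder, amount, release_time)
        self.next_ticket = 0

    def buy(self, holder, amount, now):
        """Deposit reserve value and mint the same value in coins."""
        self.reserve += amount
        self.beans[holder] = self.beans.get(holder, 0) + amount
        self.acquired[holder] = now   # simplification: any purchase restarts the clock

    def voting_power(self, holder, now):
        """Coins only vote once they have been held for VOTE_DELAY."""
        if now - self.acquired.get(holder, now) < VOTE_DELAY:
            return 0
        return self.beans.get(holder, 0)

    def redeem(self, holder, amount, now):
        """Only exit path: burn coins immediately, queue the reserve payout."""
        if amount <= 0 or self.beans.get(holder, 0) < amount:
            raise ValueError("cannot redeem more coins than held")
        self.beans[holder] -= amount
        ticket, self.next_ticket = self.next_ticket, self.next_ticket + 1
        self.pending[ticket] = (holder, amount, now + PAYOUT_DELAY)
        return ticket

    def cancel(self, ticket):
        """Intervention inside the delay: re-mint the coins, keep the reserve."""
        holder, amount, _ = self.pending.pop(ticket)
        self.beans[holder] += amount

    def release(self, ticket, now):
        """Pay out reserve only after the delay has fully elapsed."""
        holder, amount, release_time = self.pending[ticket]
        if now < release_time:
            raise RuntimeError("payout still inside the delay window")
        del self.pending[ticket]
        self.reserve -= amount
        return amount
```

In this model a holder who buys and votes at the same timestamp has zero voting power, and reserve never leaves without coins being burned first and the payout window passing uncancelled.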