Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Bug Software

Single-line Software Bug Causes Fledgling YAM Cryptocurrency To Implode Just Two Days After Launch (theregister.com) 108

A two-day-old decentralized cryptocurrency called YAM collapsed this week after its creators revealed that a software bug had effectively vetoed human governance. From a report: "At approximately 6PM UTC, on Wednesday, August 12, we discovered a bug in the YAM rebasing contract that would mint far more YAM than intended to sell to the Uniswap YAM/yCRV pool, sending a large amount of excess YAM to the protocol reserve," the YAM project explained in a post on Thursday. "Given YAM's governance module, this bug would render it impossible to reach quorum, meaning no governance action would be possible and funds in the treasury would be locked."

The bug followed from this line of code... totalSupply = initSupply.mul(yamsScalingFactor);
...which was supposed to beâ¦
totalSupply = initSupply.mul(yamsScalingFactor).div(BASE);

YAM, a decentralized finance experiment, implements a governance system (for making protocol changes) based on supposed smart contracts that allocates votes based on assets. [...] The code flaw locked up about $750,000 worth of Curve (yCRV) tokens in the YAM treasury, assets intended to serve as a reserve currency to support the value of YAM tokens.

This discussion has been archived. No new comments can be posted.

Single-line Software Bug Causes Fledgling YAM Cryptocurrency To Implode Just Two Days After Launch

Comments Filter:
  • Good Luck (Score:5, Funny)

    by chill ( 34294 ) on Thursday August 13, 2020 @06:03PM (#60399377) Journal

    That's really not a way to instill confidence in investors. It is like your whole currency is just made up, and the exchange is a house of cards.

  • And nothing of value was lost...
    • Apparently $750,000 worth of value was lost, according to the summary. I'd really like to hear how they managed anyone to buy their coin.
    • by nashv ( 1479253 )

      Do you really not understand how currency works or are you just being facetious?

      • by ludux ( 6308946 )
        This shit isn't currency.
        • All the coin exchanges would like a word with you.

          • Those aren't coins, they are numbers held in a database. And what the database number exchanges really want is for you to not notice how corrupt most of them are.

            The value of a bank is that they hold your money for you and in return get to use it.

            The value of a coin exchange is????
            • Re:And.. (Score:5, Informative)

              by Opportunist ( 166417 ) on Friday August 14, 2020 @05:20AM (#60400527)

              I don't know how to tell you, but the money you have in a bank is a number held in a database.

            • Actually banks are not that much better. For every dollar you give them they are allowed to lend someone else 10. That is also made up money that has no real world equivalent. Just numbers in a database. They will make profit of it anyways because they can give it away and earn interest. So money out of thin air than produces more money. The whole system is fucked up beyond repair.
  • Early tweaks (Score:3, Interesting)

    by jwymanm ( 627857 ) on Thursday August 13, 2020 @06:14PM (#60399403) Homepage
    I wish they wouldn't be using real money for this at first but I'm in before all the anti cryptocurrency tech comments. This is actually great tech and you are seeing the beginning of the end of centralized corporate and government control of man. We will all eventually be using decentralized technology hopefully for voting, logging, science studies/results, and so on. It's going to be a major tool in the arsenal of common man to fight those in power. I wish more people here would realize that it's worth more than these starter baby projects. There is a huge benefit to free society this is going to bring and I can't wait for it to be developed to where it is completely stable and reliable. Down with censorship.
    • This is actually great tech

      I long for the days whereby for someone to steal your money they either had to confront you in person, break into your house, or rob your bank.

      Now they just need to confuse a line of code from anywhere in the world.

      • by mysidia ( 191772 )

        Now they just need to confuse a line of code from anywhere in the world.

        Its not just any line of code though... for an erroneous line of code to mean anything it has to be a line of code accepted by the system.

        The thing to do then is to impose a high requirement on getting each line of code adopted... I mean there is a Computer Science concept that can help with the reliability, and that would be the use of a Proof of Correctness.. so maybe design the system so the actual proof has to be included as

        • by pjt33 ( 739471 )

          So you write a formal specification as well as your program and now you've got three times as much code to debug and it's in at least two different languages... Proofs of correctness are not completely pointless, but they're a long way short of being a panacea.

    • Wow the optimism is strong with this one.
      • Re: (Score:3, Insightful)

        You say optimism, I say naivety.

      • Re: Early tweaks (Score:4, Insightful)

        by khchung ( 462899 ) on Friday August 14, 2020 @01:00AM (#60400197) Journal

        Wow the optimism is strong with this one.

        Give it another 5-10 years, when there are enough young adults who hadn't lived through the last crash entered the market, we will see another huge tulip-style bubble, possibly with the baseless cryptocurrencies, or possibly something else. We can say "I told you so" (again) after it crash.

    • by SirSlud ( 67381 ) on Thursday August 13, 2020 @07:29PM (#60399617) Homepage

      Wait until you hit your 20s, you start to see the big picture.

      • Re:Early tweaks (Score:5, Insightful)

        by Viol8 ( 599362 ) on Friday August 14, 2020 @04:19AM (#60400435) Homepage

        Indeed. When you get older its amusing to see the same old cut and paste no state/corp control anarchist rubbish getting trotted out knowing that once the person spouting it gets a job and has to pay his own way in the world instead of being parent funded, how quickly his (its usually a he) attitude will change.

        • Indeed. When you get older its amusing to see the same old cut and paste no state/corp control anarchist rubbish getting trotted out knowing that once the person spouting it gets a job and has to pay his own way in the world instead of being parent funded, how quickly his (its usually a he) attitude will change.

          Kind of makes you wonder why the hell we allow teenagers to vote, doesn't it?

          A minimum voting age of 21 would probably be a vast improvement, just as it is when adults tend to ignore the silly shit spewing out of children's mouths.

          • by Viol8 ( 599362 )

            Agreed. 18 is way too young though for some odd reason it always seems to be socialist parties who want the age lowered.

            • Agreed. 18 is way too young though for some odd reason it always seems to be socialist parties who want the age lowered.

              Certain groups also support every non-citizen to hold voting rights as well. Children voting is only part of the problem.

              • by dfghjk ( 711126 )

                Citation please. There is no "children voting" so it cannot be "part of the problem", as though you understand "the problem".

                Increasingly it seems you are just an asshole.

                • Citation please. There is no "children voting" so it cannot be "part of the problem", as though you understand "the problem".

                  Increasingly it seems you are just an asshole.

                  Damn, you are literal. And ignorant. Go ahead. Stand next to a group of at least a dozen 18-year olds. For at least two hours of casual conversation. Then tell me how you feel really good about giving them the Right to vote, as if CHAZ/CHOP wasn't evidence enough.

                  Increasingly, America is getting worse. And it's because of ignorance that refuses to even acknowledge obvious problems.

              • by Pascoea ( 968200 )
                Name a controversial topic, I guarantee I could find a "certain group" to support both sides of it, even down to things like pedophilia. There is absolutely no majority (or anything close to a majority) within either political party that supports non-citizens voting.
          • by dfghjk ( 711126 )

            "Kind of makes you wonder why the hell we allow teenagers to vote, doesn't it?"

            No, it doesn't. We don't require voters of other ages to make informed decisions and, by and large, they do not. Also, what is this "we allow" bullshit? Is freedom and representation only reserved for you and your buddies?

        • I disagree, it's not "getting a job" and "paying your own way" that changes your perspective. It's seeing that humanity lives in constant peril of itself, and that while it's true that government exists primarily to constrain man's true nature, that nature is nothing you would ever want to release.
    • I like and support your idea, but it seems like things become more centralized. We have potential to have any number of different search engines, but we have one. For a while, there were plenty of different social networks, but now there is one (unless you count Instagram?). Why? I have no idea.
      • by Viol8 ( 599362 )

        "Why? I have no idea."

        Probably because you're still to young to have a good grasp of human nature.

      • There are still plenty of search engines.

        And also plenty of "social networks", XING, Linked-In etc.

        In Asia messenger apps like Line and WeChat are close to social networks.

        This TikTok thing Trump wants to kill is a social network, too.

        Instagram originally was a photo sharing site, like Pinterest - but the later one is transforming into a "photo social network", too.

        I guess if you dig around you find plenty of each (search engines and social networks).

    • by vux984 ( 928602 )

      "Down with censorship."

      Have you not read the code of conduct to participate, and signed it with your private keys?

    • ... human societies since the dawn of our species have been centrally governed whether its a small tribe or a large state. Like it or not anarchistic societies fail spectacularly because inevitably 1 or more people take control either by persuation, coercion or plain old fashion force.

    • hopefully for voting

      Uh, piss the hell off with that one, Sparky.

    • There is a huge benefit to free society this is going to bring and I can't wait for it to be developed to where it is completely stable and reliable.

      I'd like some of whatever you're taking, but in a smaller dose.

  • by 140Mandak262Jamuna ( 970587 ) on Thursday August 13, 2020 @06:14PM (#60399411) Journal
    The bug is in the process. Bug in test cases, unit testing, use case coverage, that is the bug, not in one line of code or in one library or a module.
    • by bmimatt ( 1021295 ) on Thursday August 13, 2020 @08:04PM (#60399687)
      The bug is on stack overflow of wherever else the kid who 'wrote it' copied it from.
    • by phantomfive ( 622387 ) on Thursday August 13, 2020 @08:25PM (#60399731) Journal
      For this bug, it means the developer didn't even test it once in his developer environment.
      • I was thinking the same thing. Not even tested. Great stuff.

      • It's 2020. Developers test their software using users, and the wide world is their developer environment.

        Given enough eyeballs, all bugs are shallow!
      • What part of Agile did you not understand!

        • by Calydor ( 739835 )

          The part where you use an exclamation mark to denote a question?

        • What has "agile" to do with this topic?

          Another "agile hater" spreading his venom?

          • by dfghjk ( 711126 )

            Another "agile lover" demonizing those who don't agree?

            • He does not disagree, he is spreading idiotic myths.
              That is a difference.

              As you instantly attack me instead of telling your "opinion" - I assume you are an "agile hater", too.

          • What has "agile" to do with this topic?

            Another "agile hater" spreading his venom?

            Wow sensitive much? Just laugh and move on with your life.

            I don't actually hate Agile, I just poke fun at the latst programming fad that seems to be forever more pushing unfinished garbage out the door. I'd make a more convincing rebuttal to your post, but I figure I'll take the Agile approach and consider this post a minimum viale product.

            We can correct speling mistakes with a patch later.

            • Sorry I was insensitive. I forgot you were German when I asked you to laugh. ;-)

            • There is no agile method in existence where the aim is not to deliver bug free software and testing -or- verification is _not_ a cornerstone of development

              Your claims are just nonsense, and I guess you know it.
              If You can not develop properly in an agile environment then either the environment is only "pseudo agile", or You simply have not the "programming expertise" you think you have.

              • Oh my god, you still don't get it was a joke... I know people say Germans don't have a sense of humour but man you seem to be turning that up to 11.

                psst. It's okay. You can giggle a bit. Just try it once in a while when none of us are looking.

  • There's thousands of these shit coins, why is this one news?
    • There's thousands of these shit coins, why is this one news?

      There's a different one in the news every so often. In this case, it stole everyone's money a lot quicker than usual.

    • Because this time the scam unraveled in record time.

  • .... or is it a quality control bug that the software bug was missed before deployment

  • Whatever YAM is invokes my LIC (Like I Care).

  • So BUY NOW before they roll out the bug fix -- it'll take HOURS if not DAYS, so BUY NOW! HURRY!!

    Tell everyone you know! Don't think, Don't Blink [wikipedia.org], just buy right now and immediately email your friends before the price skyrockets! Tomorrow it'll be too late!!!

    Gee, just like when we first started getting viruses and rumors in email, "helpful people" would tell their friends about "a virus" or "important news" by emailing everyone in the world. Needless-to-say, it was a proxy virus to funnily (Nelson:
  • by Anonymous Coward on Thursday August 13, 2020 @08:42PM (#60399775)

    I know I'm not hip with the new flavor of the month. But who in their right mind designed a language where, when you want to write the mathematical expression

    initSupply * yamsScalingFactor / BASE

    you would write

    initSupply.mul(yamsScalingFactor).div(BASE)

    where, seemingly even simple numbers are objects? What sort of lunacy is that? How is the second expression anywhere NEAR as readable as the first (which is valid in any of a large number of languages)? How is it anywhere NEAR as maintainable as the first? How is it anywhere NEAR as natural an expression?

    The answer: it isn't, and the real bug in YAM was the choice of implementation language.

    When you have something as important as a currency or where reliability is critical, where you don't get a second chance, you need people outside a small cadre of developers to validate your code. If you aren't doing that, well, you're not serious. And if you aren't using code that is easily understood by non-specialists and therefore possible to be validated by outsiders, you've made that character flaw, the bit about not being serious and making poor choices, obvious.

    Programming, when you've got a serious project and not a toy one, is not about using the newest, shiniest tools. It is not about using the libraries all the cool kids are using. It is not about exercising every whiz-bang feature of a language. It's about writing code that is clear, concise, and will be immediately understood by the next person, even if the next person is just your future self six months from now. Apollo 11 was launched, sent to the Moon, landed, launched from the Moon's surface and returned to Earth in 40,000 lines of code that are readily understandable today. I dare you to do better.

    • So are the other two operators .plu() and .min()? or .add() and .sub()

      With only a backing in C from years ago, I didn't even realize mul and div were operators while reading the summary and assumed they were either array columns, functions, or an inherited sub function of some sort.
      But then I remember that I didn't want any part of newer languages when I met java and to some extent c++.
      • Yikes.

        Talk about opening a 55-gallon drum of worms. More like the Grrand Canyon of worms.

        Language purists who have no real-world experience are always whining about whether or not a programming language has "operator overloading" or not. (Cut to the chase: C++ has it, Java doesn't (except for String, built into the language, and I'm not going there...)).
        The question is whether I, as a random language user, get to define

        class BigNum;

        and whether I get to say

        BigNum A, B, C; // (where I define
        • Operator overloading is great for implementing math and simulations. Things like Eigen are far easier to use because of operator overloading. I do agree with you that operating overloading for employee there is some kind of abomination. I also thing that operating overloading with math leads to fewer errors because the equation you write in looks much closer to how you would write the equation by hand.

    • I still don't understand why whitespace code like Python exists.

    • by pjt33 ( 739471 )

      But who in their right mind designed a language where, when you want to write the mathematical expression

      initSupply * yamsScalingFactor / BASE

      you would write

      initSupply.mul(yamsScalingFactor).div(BASE)

      where, seemingly even simple numbers are objects?

      Simple numbers? I bet it's a BigInteger (can't be a BigDecimal because then they wouldn't be using fixpoint), and would not be at all surprised if it's Java.

      • Comment removed based on user account deletion
      • Simple numbers? I bet it's a BigInteger (can't be a BigDecimal because then they wouldn't be using fixpoint), and would not be at all surprised if it's Java.

        You would be shocked and appalled how many people use floating point in financial situations like this one, without the least clue why they shouldn't.

  • by zephvark ( 1812804 ) on Thursday August 13, 2020 @08:48PM (#60399783)

    I'm going to go with, "perhaps they should have used actual equations instead of burying everything so deeply in OOPsy paradigms that it looks worse than COBOL."

    Dijkstra was a mean critic who couldn't create a decent computer language himself but, I'd really love his take on "Object-Oriented Programming Considered Harmful", much as I'd enjoy Hunter Thompson's foaming at the mouth about Trump, who makes Nixon look suave and sophisticated.

    Let's not all roll around on the floor and speak in tongues while handling snakes, now. Who wants to be first? Raise your hand. No, middle finger or raised fist with two thumbs.

  • Because trying to get rich quick is the only reason fro yet another crapcoin.

  • the YAM is done.

  • ... blah blah rebasing blah pool blah blah bullshit waffle blah blah quorom blah.

    Sounds like a bunch of kids who think they're smarter than they really are and who didn't bother to test their code (because they're so smart, right?), bigging themselves up with crypto-gibberish in order to try (and fail) to still appear professional.

  • totalSupply = initSupply.mul(yamsScalingFactor);

    vs.

    totalSupply = initSupply.mul(yamsScalingFactor).div(BASE);

    How did they not deploy this on a testchain first? It would have been obvious from the first second it was wrong!

  • That currency should be banned if for no other reason than the alphabet stew contained in that post.

Your password is pitifully obvious.

Working...