I’m a huge fan of Prof Emin Gun Sirer and what best could it be.... when your favorite #blockchain host Haseeb Qureshi is on the opposite side interviewing Professor Sirer. ....the output is a manifest of great content and a dose of continuous learning.
Thank you software engineering daily’s Blockchain podcast for this wonderful subject covered in depth.
This blog has been inspired by the discussion.
Prof Sirer (Cornell University) runs IC3 and has been instrumental and vocal across the whole Smart Contract space, focusing heavily on its security aspects. Follow his writing here: http://www.initc3.org/
This blog discusses an important topic: “Smart Contract Security, in the days of our lives”.
The cryptocurrency and the blockchain world is currently the wild Wild West ....and the wild Wild West attracts cowboys 🤓.
Info graphic courtesy = me
Background
We will understand what a smart contract is and the nuances around its security.
What is a Smart Contract?
A program that manages money flows or asset flows programmatically, invoked when an event or a condition triggers the Smart Contract.
Machines decide which steps to take next based on those event conditions.
All participants have to agree on the same sequence of “actions”, act on their execution, and then self-execute the next logical programmed steps.
It can also be defined as a series of state transitions driven by executed commands, whose result sets are published once consensus deems them final.
Quote Prof Sirer
“Bitcoin was not meant to handle complex smart contracts vs Ethereum which is turing complete and can handle complicated smart contracts.”
Unquote
Each platform is meant to do what is expected of it; for example, a Decentralized Distributed Database should be used to send triggers to a smart contract, rather than loading the contract platform with data and attribution.
Likewise, the Bitcoin network was only meant to solve the peer-to-peer money transfer smart contract in a trusted Decentralized model.
It doesn’t have to be over-engineered to drive complex self-executing exit criteria.
What can these Smart Contracts solve?
- bring economic parity in money flows and money distribution
- insurance and other condition-driven business use cases. A simple example that Prof Sirer uses is an insurance payout: parties A and B pay into the insurance node, and if A meets with a bad event “a trigger is invoked to the payout smart contract”. No questions asked: “the system pays out without the involvement of the intermediary.”
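The insurance payout described above, written out as an added Solidity example (this is not code from the podcast or from Prof Sirer's work): two parties pay premiums into a pool, and a designated reporter address attests to the bad event, after which the contract pays out with no intermediary. The `reporter` address, `payoutAmount` and the function names are assumptions for this illustration; note that whoever controls `reporter` is the trust anchor for the whole payout, which is exactly the kind of entry point a contract author has to think about.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Constructed illustration of a condition-driven payout (not production code).
/// `reporter` is an assumed trusted event source, e.g. an oracle address.
contract InsurancePool {
    address public immutable reporter;      // who may report an insured event
    uint256 public immutable payoutAmount;  // fixed payout per claim (assumption)

    mapping(address => uint256) public premiumPaid;
    mapping(address => bool) public claimed;

    event PremiumPaid(address indexed member, uint256 amount);
    event Payout(address indexed member, uint256 amount);

    constructor(address _reporter, uint256 _payoutAmount) {
        require(_reporter != address(0), "reporter required");
        reporter = _reporter;
        payoutAmount = _payoutAmount;
    }

    /// Parties A and B pay into the pool.
    function payPremium() external payable {
        require(msg.value > 0, "no premium");
        premiumPaid[msg.sender] += msg.value;
        emit PremiumPaid(msg.sender, msg.value);
    }

    /// The trigger: the reporter attests that `member` met with the insured event.
    /// The contract then pays out with no intermediary and no further questions.
    function reportEvent(address payable member) external {
        require(msg.sender == reporter, "not reporter");
        require(premiumPaid[member] > 0, "not a member");
        require(!claimed[member], "already paid");
        require(address(this).balance >= payoutAmount, "pool underfunded");

        claimed[member] = true;                              // update state first
        (bool ok, ) = member.call{value: payoutAmount}("");  // move money last
        require(ok, "transfer failed");
        emit Payout(member, payoutAmount);
    }
}
```

The state change (`claimed[member] = true`) is recorded before the value transfer so that a second call into `reportEvent` for the same member, however it is triggered, is rejected by the `claimed` check rather than paid twice.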
Why Risk with smart contracts?
What to mitigate?
Since these Smart Contracts primarily hold money, they are the dartboard for hackers: people just want to break them and exit with the money, and in most cases anonymity doesn’t even allow the hacker to be tracked down.
Let’s understand what those security issues are. When compromised, they drain a contract financially, in most cases as irreversible losses, at times forcing the founders of the platform to hard fork the chain to recover funds or stop the draining of these Smart Contracts.
Security Issues with Smart contracts
- The Smart Contract language is a new domain; it is not very well tested, it is quirky, and the platform’s nascency makes it hard to believe it can be bulletproof.
- Biggest problem: contracts cannot be modified once they are deployed/issued, unless the developer has built in mechanisms that can shield against potential bugs or loose-end entry/hack points.
- They can only do what they are programmed to do (at least for the way the protocol is defined today).
"Security is often always an afterthought, but because of the foundational basis of the technology, there needs to be a depth of defense and building controls in every layer of the application." Quoted from IBM’s article on how the blockchain needs to be protected from compromise even though it’s decentralized.
Understanding the DAO hack
In the DAO hack there was an address draining funds out of the Smart Contract, and the owner of the contract did not have any kill switch, shut-off or escape hatch sequence of contract transitions.
I won’t go too much into the DAO hack; you can read Professor Sirer’s blog on Hacking Distributed.
So the contract developers need to do it right the first time and safeguard the contract with different armour or escape techniques.
What are some of these different techniques?
Multi-timed contracts
Create multiple contracts; the payout happens only when all the contracts agree to the state transition.
Let’s say a payout is defined on a multi-timed smart contract based on a consensus trigger from all contracts. If there is an exploit or attack on the implementation of contract 1, the other two contracts execute a state transition that shuts off the payout sequences or operative sequences that are vulnerable to attack.
However, if the same group of people develops all three parts, the sequence will still share the same vulnerabilities.
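One way to build the multi-contract agreement just described, as an added Solidity example (not code from the podcast or any project the post mentions): a vault only pays out when three separately deployed approver contracts all agree, and if any approver rejects, the vault executes the shut-off transition itself instead of paying. The `IApprover` interface, the `CeilingApprover` and all names are assumptions for this illustration. In line with the caveat above, the approvers are only worth having if they are written by different people; three copies of the same buggy logic would all say yes together.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Each approver is a separately authored contract that independently judges a
/// proposed payout (interface name and shape are assumptions for this example).
interface IApprover {
    function approves(address to, uint256 amount) external view returns (bool);
}

/// Holds the funds. A payout is a state transition that all three approvers must
/// agree to; one dissenting approver is enough to shut payouts off.
contract MultiContractPayout {
    IApprover[3] public approvers;
    bool public halted;

    event PayoutsHalted(uint256 rejectingApprover, address to, uint256 amount);
    event Paid(address indexed to, uint256 amount);

    constructor(IApprover[3] memory _approvers) {
        approvers = _approvers;
    }

    receive() external payable {}

    /// If approver 1's implementation is exploited, the most it can do is say "yes";
    /// approvers 2 and 3 still have to agree before any money moves.
    function payout(address payable to, uint256 amount) external {
        require(!halted, "payouts shut off");

        for (uint256 i = 0; i < approvers.length; i++) {
            if (!approvers[i].approves(to, amount)) {
                // The shut-off transition: record it and return WITHOUT reverting,
                // so the halt persists on chain even though no payout happened.
                halted = true;
                emit PayoutsHalted(i, to, amount);
                return;
            }
        }

        emit Paid(to, amount);
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "transfer failed");
    }
}

/// One concrete approver: refuses any single payout above a fixed ceiling.
contract CeilingApprover is IApprover {
    uint256 public immutable ceiling;

    constructor(uint256 _ceiling) {
        ceiling = _ceiling;
    }

    function approves(address, uint256 amount) external view override returns (bool) {
        return amount <= ceiling;
    }
}
```

In this toy the halt is one-way; deliberately, there is no function that re-arms the vault, so recovering from a halt means deploying a fresh vault with reviewed approvers. The halt is set with a plain `return` rather than a `revert` because a reverted transaction would also roll back the `halted = true` write, leaving the vault open for the next attempt.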
Escape hatches
The core concept: when you detect Byzantine behavior, the smart contract goes into an escape hatch, just like a tortoise retreating into its shell to survive a predator attack 🦊.
The only way to return to an operative state is the owner’s trigger function, a switch for the escape hatch that is protected by techniques like a unique key or throttling.
Throttling examples:
- A balance drop beyond acceptable limits triggers alerts.
- If the desired correspondence between tokens outstanding and balance falls below acceptable norms, stop payout transactions and freeze the flow of funds.
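The escape hatch and both throttling examples above, combined into one added Solidity example (not code from the podcast or from any project the post mentions). The contract pulls into its shell, i.e. sets `halted`, on its own when the outflow within a window of blocks exceeds a limit, or when the ETH balance no longer backs the tokens outstanding to an acceptable ratio; only the owner's key can bring it back out. The window size, the outflow cap, the reserve ratio in basis points and all names are assumptions for this illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Constructed illustration of an escape hatch plus two throttles (not production code).
contract ThrottledVault {
    address public owner;
    bool public halted;                           // the "shell": no withdrawals while true

    uint256 public immutable windowBlocks;        // length of a throttling window, in blocks
    uint256 public immutable maxOutflowPerWindow; // acceptable balance drop per window (wei)
    uint256 public immutable minReserveBps;       // required balance / tokensOutstanding, in basis points

    uint256 public windowStart;                   // first block of the current window
    uint256 public windowOutflow;                 // wei paid out so far in this window
    uint256 public tokensOutstanding;             // liabilities: what members may still withdraw
    mapping(address => uint256) public balanceOf;

    event Halted(string reason, uint256 atBlock);
    event Resumed(uint256 atBlock);

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }
    modifier notHalted() { require(!halted, "escape hatch engaged"); _; }

    constructor(uint256 _windowBlocks, uint256 _maxOutflowPerWindow, uint256 _minReserveBps) {
        owner = msg.sender;
        windowBlocks = _windowBlocks;
        maxOutflowPerWindow = _maxOutflowPerWindow;
        minReserveBps = _minReserveBps;
        windowStart = block.number;
    }

    /// Deposits mint an equal number of outstanding "tokens" (1 wei = 1 token here).
    function deposit() external payable {
        balanceOf[msg.sender] += msg.value;
        tokensOutstanding += msg.value;
    }

    function withdraw(uint256 amount) external notHalted {
        require(balanceOf[msg.sender] >= amount, "insufficient");

        // Throttle 1: cap the balance drop inside a window of blocks.
        if (block.number >= windowStart + windowBlocks) {
            windowStart = block.number;           // start a new window
            windowOutflow = 0;
        }
        if (windowOutflow + amount > maxOutflowPerWindow) {
            _halt("balance drop beyond acceptable limit");
            return;                               // no revert, so the halt sticks
        }

        // Effects before interaction: state is final before any value leaves.
        balanceOf[msg.sender] -= amount;
        tokensOutstanding -= amount;
        windowOutflow += amount;

        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "transfer failed");

        // Throttle 2: the remaining balance must still back tokens outstanding.
        // In this toy the two always match, so this is defence in depth: it only
        // fires if some other path has drained ETH without burning tokens.
        if (address(this).balance * 10_000 < tokensOutstanding * minReserveBps) {
            _halt("reserve below acceptable norm");
        }
    }

    function _halt(string memory reason) internal {
        halted = true;
        emit Halted(reason, block.number);        // the alert
    }

    /// Only the owner's key brings the contract back out of its shell.
    function resume() external onlyOwner {
        halted = false;
        emit Resumed(block.number);
    }
}
```

The `Halted` event is the on-chain alert the first throttling example asks for; an off-chain monitor watching for it is how the owner learns the hatch has closed. The owner key behind `resume` is a single point of failure in this sketch, which is why the post suggests protecting that switch with a unique key or further throttling rather than a plain EOA.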
Several encryption techniques can also be used to secure smart contracts. That leads to the question of how data encryption can be handled on a blockchain, and whether privacy leakage can be stopped.
Escape hatches, zero-knowledge proofs, homomorphic encryption, public key encryption and many more.
Conclusion
We can discuss these in more detail in another blog, but to summarize this post, all I’d like to say is: if you are writing a smart contract that holds money, try to build it like Level 1 software (the kind of Level 1 software used in aircraft, which can bring a flight down if compromised); it’s money at stake...
Follow me on Twitter @tridipchakra
Further references
Software engineering daily podcast
Hacking Distributed (Dr Sirer) http://hackingdistributed.com/