Blockchain Security Debate: Simplicity of Smart Contracts and Compilers is Vital for Developers
At the 3rd Global Blockchain Summit held in Shanghai hosted by Wanxiang Blockchain Labs, Gnosis co-founder and CTO Stefan George, Huawei executive Huang Lian Jin, Factom founder and chief architect Paul Snow, and Stellar co-founder Jed McCaleb discussed the security issues of emerging blockchain projects. In particular, they emphasized the importance of conducting audits with a large community of developers to prevent potential technical problems.
The security, privacy, and scalability issues faced by blockchain are unprecedented because decentralized applications and protocols have never been tested at this scale before. As blockchain projects such as Gnosis, Factom, and Stellar, along with technology conglomerates and financial institutions, begin to integrate the blockchain with existing infrastructures and technologies, they are encountering an increasing number of challenges. However, with the help of thorough code audits and tests, executives from Gnosis, Factom, and Stellar believe that blockchain technology can become more applicable and flexible in the long term, and will therefore be easier to implement in major industries such as finance, insurance, and healthcare.
By nature, public blockchain networks such as Stellar, Gnosis, and Ethereum are decentralized and distributed. As all smart contracts and operations are executed over a peer-to-peer protocol, a sophisticated and complex structure is necessary to maximize privacy and security while maintaining an optimal level of flexibility. To achieve this, as explained by Stellar co-founder Jed McCaleb, it is crucial that every blockchain network carries out security audits that cover not only the smart contracts but also the compilers that produce them.
“Security is a lot about simplicity, and not only on the smart contract level but also on the compiler level,” he stated. “To give an example, our friends at Augur recently did a security audit of not only their smart contracts but also of the [Serpent] compiler, and they found out that there were several security issues with the compiler.”
According to Stefan George, the co-founder and CTO of Gnosis, the $78 million Ethereum-based prediction market platform, it is crucial to have a wide range of developers conduct multiple independent audits. The aim is to ensure that the code behaves as intended within a secure ecosystem and so to prevent severe security issues. For the Gnosis platform, George noted that several audits were conducted by highly regarded blockchain developers within the open source cryptocurrency development community.
“If you want to do proper audits, you need to think out of the box because many mistakes are not obvious. Based on our experience, it’s good to do several audits. Different people have to check the code, and they probably shouldn’t be working on the smart contract that they audit -- it should be someone else. They should really try to understand what the programmer wanted to do. We did this for Gnosis - we did several audits making sure that it is safe,” said George.
Jed McCaleb emphasized that it is impossible to create or develop a flawless codebase that is immune to all types of attacks and vulnerabilities. McCaleb stated that code must be written in a way that allows recovery from security issues and complications to be made as seamlessly as possible. He explained that bugs exist in all types of software; therefore, for the security of users, it is important to ensure that the recovery process causes minimal interference.
“You have to recognise that software always has bugs and, essentially, code is the enemy. You have to prepare for those eventualities when something does go wrong and make sure that the recovery from problems is as unpainful as possible; and do a lot of things to prevent total catastrophe, where it’s stuff that maybe you can roll back from or only hurts a small subset of users, because things are ultimately going to go wrong, there are bugs in all software,” said McCaleb.
In response to McCaleb’s remarks, Gnosis co-founder George noted that it is essential that blockchain networks and platforms operate a codebase which prioritizes simplicity. The simplicity of smart contracts and compilers is vital for developers in uncovering bugs and vulnerabilities, as well as in developing solutions to eliminate them promptly.
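The two points above, McCaleb's "prepare for things to go wrong, so that a bug only hurts a small subset of users or can be rolled back" and George's insistence on keeping contracts simple, translate into a couple of concrete controls in a smart contract. The contract below is an added illustration written for this article; it is not Gnosis, Stellar or Augur code, and the `guardian` role and `dailyLimit` parameter are this example's own assumptions. It is a deliberately small Ether vault with an emergency pause (a role that can stop the contract but cannot move funds) and a per-account withdrawal cap per 24-hour window, so that an accounting bug in `withdraw` can drain at most a bounded amount per account before the guardian reacts.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Minimal deposit vault with two damage-limiting controls. Added example
/// for illustration only: not Gnosis/Stellar/Augur code. The guardian role
/// and dailyLimit are assumptions of this example.
contract BoundedVault {
    address public immutable guardian;   // may pause/unpause only; never holds or moves funds
    bool public paused;

    // Per-account withdrawal cap per rolling 24h window. If the balance
    // accounting below is wrong, an account can extract at most this much
    // per day, which bounds the blast radius while the guardian investigates.
    uint256 public immutable dailyLimit;

    mapping(address => uint256) public balanceOf;
    mapping(address => uint256) private windowStart;
    mapping(address => uint256) private withdrawnInWindow;

    event Paused(address indexed by);
    event Unpaused(address indexed by);

    error IsPaused();
    error NotGuardian();
    error InsufficientBalance();
    error LimitExceeded(uint256 requested, uint256 remaining);
    error TransferFailed();

    modifier whenNotPaused() {
        if (paused) revert IsPaused();
        _;
    }

    modifier onlyGuardian() {
        if (msg.sender != guardian) revert NotGuardian();
        _;
    }

    constructor(address guardian_, uint256 dailyLimit_) {
        guardian = guardian_;
        dailyLimit = dailyLimit_;
    }

    /// Deposits are also paused so users cannot keep adding funds to a
    /// contract that is suspected of being buggy.
    function deposit() external payable whenNotPaused {
        balanceOf[msg.sender] += msg.value;
    }

    /// Checks-effects-interactions: every state change happens before the
    /// external call, so a re-entrant call observes the reduced balance and
    /// the consumed window allowance.
    function withdraw(uint256 amount) external whenNotPaused {
        if (balanceOf[msg.sender] < amount) revert InsufficientBalance();

        // Start a fresh 24h window once the previous one has elapsed.
        if (block.timestamp >= windowStart[msg.sender] + 1 days) {
            windowStart[msg.sender] = block.timestamp;
            withdrawnInWindow[msg.sender] = 0;
        }
        // withdrawnInWindow never exceeds dailyLimit (checked below), so this
        // subtraction cannot underflow.
        uint256 remaining = dailyLimit - withdrawnInWindow[msg.sender];
        if (amount > remaining) revert LimitExceeded(amount, remaining);

        withdrawnInWindow[msg.sender] += amount;
        balanceOf[msg.sender] -= amount;

        (bool ok, ) = msg.sender.call{value: amount}("");
        if (!ok) revert TransferFailed();
    }

    /// Emergency stop. Halts deposits and withdrawals; does not grant the
    /// guardian any ability to take custody of user balances.
    function pause() external onlyGuardian {
        paused = true;
        emit Paused(msg.sender);
    }

    function unpause() external onlyGuardian {
        paused = false;
        emit Unpaused(msg.sender);
    }
}
```

The point of the design is what the guardian cannot do: the pause switch limits the damage a bug can cause without introducing a key that can drain the vault, which would simply move the catastrophic failure mode from the contract logic to key management. In practice the guardian would be a multisig or a timelocked address, and the daily limit would be chosen from expected user activity so that it rarely triggers in normal use but keeps the worst-case loss per account small enough to absorb or reimburse.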
Security and scalability issues have long been considered the major hurdles for blockchain development, and the article's panelists noted that permissioned or centralized ledgers are increasingly exposed to external threats, hacking attacks, and security breaches. As Ethereum co-founder Vitalik Buterin previously explained, achieving sufficient scalability to power decentralized applications with millions of active users will take anywhere from two to five years. Once these issues are resolved, however, blockchain platforms like Ethereum, Gnosis, Stellar, and Factom will be in a position to achieve commercial success.
Nonetheless, Paul Snow, the founder and chief architect of the Factom blockchain network, expressed his optimism about the applicability of blockchains, especially in areas outside of finance. Snow revealed that Factom, a blockchain network valued at $130 million that counts investor Tim Draper as a supporter, has secured a contract with the Bill and Melinda Gates Foundation. Factom's role will be to process, secure, store and track medical records for people in developing countries.
“We did get a contract with the Bill and Melinda Gates Foundation to track medical records for people in the developing countries because the treatment places [there] are very chaotic, so you use biometrics. You use biometrics to find the chain and then the chain to find the medical information, the history, no matter how many NGOs or disaster relief organisations or governments have come in and done healthcare. So the blockchain is going to come in and solve this problem.”
Earlier this year, a bug caused Bitcoin Unlimited nodes to unintentionally attempt a hard fork. An anonymous Bitcoin node created an oversized block, causing the Bitcoin.com mining pool to lose 13.2 BTC and several Bitcoin Unlimited nodes to be blacklisted on the network. Even though the bug was fixed quickly, it sparked heavy criticism, particularly from the Bitcoin Core team. It seems they had forgotten that a similar bug was found in the Bitcoin Core code back in 2013.
To contact the editor responsible for this story:
Margarita Khartanovich at [email protected]