Why are Smart Contract Security Audits So Important?
To say that we are living in the “ICO era” is a gross understatement.
They have generated billions of dollars in revenue and have pretty much become a household name in the process. However, with so much money flowing around, extra care must be taken to make sure that the smart contracts are not exploited and that the money generated is secure.
Faulty or careless coding can lead to a host of attacks by hackers like the reentrancy attack, overflow/underflow attack etc. Remember, at the end of the day, it is not just your money which is at stake.
So, having said that, let’s understand what smart contracts are and the different types of contracts out there.
Why are Smart Contract Security Audits So Important?
Different Types of Smart Contract
Smart contracts are automated contracts. They are self-executing with specific instructions written on its code which get executed when certain conditions are made.
You can learn more about smart contracts in our in-depth guide here.
Smart contracts are how things get done in the Ethereum ecosystem. When someone wants to get a particular task done in Ethereum they initiate a smart contract with one or more people.
Smart contracts are a series of instructions, written using the programming language “solidity”, which works on the basis of the IFTTT logic aka the IF-THIS-THEN-THAT logic. Basically, if the first set of instructions are done then execute the next function and after that the next and keep on repeating until you reach the end of the contract.
There are three kinds of smart contracts:
- Fully on chain standard compliant contracts which have no ether (or any compliant tokens) transfers. These are the ones that are the easiest to audit as they follow a particular standard. Since they are completely on the blockchain and has no ether transfers, it is not vulnerable to attacks
- Fully on chain standard compliant contracts which have enabled Ether transfers like ICO. These contracts ar a little harder to audit than the former ones. Having said that, contracts which enable ICOs usually follow templates which makes it easier to audit.
- Finally, we have contracts which have off-chain interactions like oracles, channels, etc. These are extremely hard to audit as they involve some operations which are outside the blockchain. In fact, it won’t be a stretch to say that fully auditing these contracts is nearly impossible.
Alright, so now we know what smart contracts are, let’s look into the importance of auditing these contracts.
Importance of Auditing
It is futile to tell you about the importance of auditing without telling you about the most famous hack in the short history of ICOs.
The DAO aka the Decentralized Autonomous Organization was a complex smart contract which was going to revolutionize Ethereum forever. It was basically going to be a decentralized venture capital fund which was going to fund all future DAPPS made in the ecosystem.
The way it worked was pretty straightforward. If you wanted to have any say in the direction DAPPS that would get funded, then you would have to buy “DAO Tokens” for a certain amount of Ether. The DAO tokens were indicators that you are now officially part of the DAO system.
So, how were DAPPS going to get approved and built? Well, firstly they need to get whitelisted by the curators, who were basically known figureheads in the Ethereum world. After getting their stamp of approval, they will get voted on by the DAO token holders. If the proposal gets a 20% approval in the vote, then they will get the required funds to get started.
The potential of the DAO and the flexibility, control and complete transparency that it offered was unprecedented; people leaped in to get their share of the pie. Within 28 days of its formation, it accumulated over $150 million worth of ether in a crowdsale. At that time, it had 14% of all ether tokens issued to date.
You might be wondering, that’s all good but how does one go out of the DAO? What if some DAPP gets approved that you are not a huge fan of, how do you opt out of the DAO then? To enable this, an exit door was created called the “Split Function.” Using this function, you would get back the ether you have invested and, if you so desired, you could even create your own “Child DAO.” In fact, you could split off with multiple DAO token holders and create your own Child DAO and start accepting proposals.
There was one condition in the contract, however, after splitting off from the DAO you would have to hold on to your ether for 28 days before you could spend them.
So everything looks nice and spiffy for now….except, there was one little problem. A lot of people saw this possible loophole and pointed it out. The DAO creators assured that this was not going to be a big issue. The only thing is, it really was a big issue. This very thing created the entire storm that split Ethereum into Ethereum and Ethereum Classic.
On 17th June 2016, someone exploited this very loophole in the DAO and siphoned away one-third of the DAO’s funds. That’s around $50 million dollars. The loophole that the hacker(s) discovered was pretty straightforward in hindsight.
If one wished to exit the DAO, then they can do so by sending a request. The splitting function will then follow the following two steps:
- Give the user back his/her Ether in exchange for their DAO tokens.
- Register the transaction in the ledger and update the internal token balance.
What the hacker did was they made a recursive function in the request, so this is how the splitting function went:
- Take the DAO tokens from the user and give them the Ether requested.
- Before they could register the transaction, the recursive function made the code go back and transfer even more Ether for the same DAO tokens.
- This went on and on until $50 million worth of Ether were taken out and stored in a Child DAO and as you would expect, pandemonium went through the entire Ethereum community.
So, to summarize everything.
The DAO was supposed to be a revolutionary dApp which was going to change Ethereum forever. However, because of a simple flaw in the smart contract code, a hacker was able to siphon away $50 million worth of Ether. As a result, the following happened:
- The DAO shut down
- The value of Ether plummeted
- The ensuing drama split the entire Ethereum community into two, Ethereum and Ethereum Classic.
The DAO, more than anything, serves as a reminder as to why ICOs must make sure that they invest in quality auditing services. The truly sad part is that this could have been avoided if the contract was submitted to a decent enough auditing service.
This also personifies the main problem faced by most modern smart contracts: over-engineering.
Most of the contracts are developed by multiple developers, which inevitably leads to an unnecessarily high level of complexity. This high level of complexity leads to a higher vulnerability which increases the attack surface of the Dapp.
So, having said that, let’s look at the fundamental approaches that are there to contract auditing.
Fundamental Approaches to Auditing
There are two fundamental approaches to smart contract auditing:
- Manual code analysis
- Automatic code analysis.
Manual Code Analysis
Manual analysis should be done if you have a decent-sized development team. Basically, the team will go through and examine each and every line of code and test them for different security issues. While it goes without saying that this is the best way to go about auditing, the problem remains in the fact that it is extremely time-consuming. Also, if you don’t already have your own dev team, it will cost you tons of money to hire the required number of developers to go through your code in-depth.
Automatic Code Analysis
On the other hand, automatic code analysis saves developers a ton of money as they make use of sophisticated penetration tests to help them find vulnerabilities. Developers use software like Truffle to conduct automatic code testing. They can also use Populus, which is a python based framework.
While this method is fast and money-efficient, it has a number of problems.
Automatic testing can miss quite a lot of vulnerabilities and it can also falsely identify a code as problematic even though it isn’t.
So, the most ideal solution will be a combination of the thoroughness of the manual analysis and the time and economic efficiency of the automatic analysis. That is what we have achieved with BountyOne.
We will introduce you to BountyOne soon, however before we do that, we need to you tell you about the current state of the Auditing Industry.
The Current State of Auditing
Well, to put it mildly, the current state of the auditing industry is broken. There are two things that are worth taking note of:
- Firstly, the supply of developers who are knowledgeable enough to run through different iterations of the code to find vulnerabilities is extremely low. It is a highly niched area.
- Secondly, the demand is extremely high. Just look at the sheer number of ICOs out there. Obviously, they all want proper auditors for their smart contracts.
Because of these reasons, the price of proper auditing and testing goes through the roof.
The exact cost of conducting a smart contract audit really depends on a number of key factors.
As we have said before, if you don’t have your own developer team, then you will need to outsource your contract, which will greatly inflate your budget.
Having said that, a simple smart contract with no business logic costs around $4000. More complicated and advanced smart contracts can go from $50,000 all the way up to $100,000.
Plus, if that’s not enough. There is usually a 3-4 weeks waitlist and then it takes 8 weeks for the auditing process to be completed.
So, not only are you spending a lot of money, you are wasting a lot of time as well. This is why we have introduced the BountyOne platform, to:
- Get together different developers from around the world on one platform
- Secondly, it will help project creators to save up a lot of time and money and still achieve the best possible audit.
Alright, so let’s introduce you to BountyOne.
What is Different about BountyOne?
Think of BountyOne as the “Uber” of smart contract auditors. Any auditor can choose to work on any contract that is currently active on the platform. Each and every one of these auditors are vetted extensively by us. They go through a detailed application process which makes sure that only the best auditors get on our platform.
The entire auditing process goes through three stages:
- Stage 1: The auditors work on the contract and submit their versions
- Stage 2: Senior auditors then look at the work that has been done by the auditors and marks it from 0-10
- Stage 3: The community checks the work that has been done by the Sr. auditors and the auditors to see if everything is in place.
This “triple ditch audit” makes sure that everyone’s work gets, not just double, but triple checked. So, now that we know a general overview, let’s go into details.
Stage 1: Auditing
The contract giver submits a contract and assigns a particular amount of Ether to it. The bounties will be listed on the platform like a bulletin board of sorts. The contracts will be listed as “In Progress”.
Now any auditor who has been cleared by BountyOne can choose to work on this contract. The way they initiate it is by staking some of their ether into the contract. The reasoning behind this stake is simple, to make sure that things get done on time.
One of the biggest problems with current smart contract auditing services is that it is extremely consuming. Like we have mentioned before, it may take >50 days for a normal contract to be audited.
In BountyOne we make sure that timing is a priority by letting our auditors enter a time-sensitive contract. Basically, if they do not complete their work in the given amount of time, then they will lose their stake.
10 auditors can work on a project at a time.
Stage 2: Grading
Now comes the second stage of the process.
The auditors have created and submitted their versions of the contract, so now, how do we choose the best contract in a fair manner? For this, a jury needs to be selected.
Three senior auditors can choose to become jurors for a particular audit case by staking Ethereum into the contract. A senior auditor is basically an auditor who has done at least 3 successful audits in the BountyOne ecosystem. So, these senior auditors can rank the work of each auditor individually from 0-10, 0 being the lowest and 10 being exceptional.
Imagine that we have a hypothetical smart contract A and only two auditors are working on it, Alice and Bob. Imagine that three senior auditors mark Alice and Bob like this:
Ok, so turns out that Alice has done a great job and Bob has done a terrible job. This is at least what our jury has decided.
However, one more level of checking needs to be done. Remember how we said that each senior auditor needs to stake their own ethereum to become a jury member? This is where that stake comes into play.
Stage 3: Verifying
The final stage of the audit is the community check. BountyOne’s entire auditor community will get their hands on the following:
- The original contract that was given for auditing
- All the audited contracts that were submitted by the auditors
- The marks that were given to the audited contracts by the senior auditors
The community check leverages the “wisdom of the crowd” to make sure that the senior auditors have marked the audited contracts fairly.
In order to do this, they will check each and every audited contract and see how much of an improvement it is over the original submitted contract. After that, they are going to check the marks given by the Sr. Auditor and see if it is fair or not.
If the community doesn’t find any faults, then well and good. However, suppose they find some glaring discrepancies. Suppose they checked Bob’s audits and they think that he has done a really good job and 2/10 is way too less a score for him. If that happens then they will raise a red flag.
This works in reverse as well.
Suppose a Sr. Auditor gave really good marks to a below-average audit. Then the community will red flag that audit and nullify the marks that the auditor has received.
Stage 3B: Red-Flagging (optional)
IF the community raises a red flag, then and only then is this second jury group of senior auditors formed. Senior Auditors who took part in the original jury will not be able to take part in this one.
If this jury finds out that certain senior auditors haven’t done their job properly in the original jury, then their stake is taken away immediately. As such, senior auditors always have an economic incentive to make sure that they are marking the audits properly.
Stage 4: Rewarding
Alright, so now that we know how the entire process works, let’s look deeper into the reward mechanism. How does the BountyOne platform reward its participants to make sure that everyone is getting their fair rewards?
The breakdown works like this:
- 70% of the total ether reward goes to the auditors
- 20% of the total ether goes to the Senor Auditors.
- IF the community find anything wrong with the audits or the Senior Auditor’s work then they can raise a red flag which will be checked upon by a new jury of Senior Auditors. If this checks out, then the community and this second jury of Senior Auditors will get 10% of the total Ether.
- However, if the community finds absolutely nothing wrong, then the extra 10% of the total ether will go back to the auditors. So in this case, they get a total of 80%
- The auditors will get paid in proportion to the marks that they have received.
Let’s take an example of this and see how the reward breakdown will go through.
Suppose, we have a contract with a 10 ETH reward price. Let’s assume that only two auditors, Alice and Bob were working on it, and during the auditing process, the community didn’t have to come into play.
So, Alice and Bob will receive 80% of the total Ether reward price which is, 8 ETH.
Now, let’s assume that the senior auditors scored Alice and Bob like this:
The total score received are: 9+10+9+3+3+2 = 36
Of this, Alice’s share is: 9+10+9 = 28 out of 36 which is 28/36*100 = 77.78%
Bob’s share is: 3+3+2 = 8 out of 36 which 8/36*100 = 22.22%
So, after the audit, Alice will get 6.24 ETH (77.78% of 8) and Bob will get 1.76 ETH.
You can check out the infographic of all the processes in BountyOne right here.
Why BountyOne Over Other Platforms?
So, why should you select BountyOne over other auditing platforms? Well, let’s take a look:
- It is cheaper because we do not have full-time auditors that we must pay hundreds of thousands of dollars to keep. They have other solidity development jobs and just do this on the side like an Uber driver.
- We pay them based on performance and not simply for saying they read the code. This is the reason why the auditors are economically incentivized to do the best work possible.
- The auditors risk losing all their staked money if they do not do a good job and don’t submit their work on time. This makes sure that there are no unnecessary delays.
- Also, the community (including other auditors) can make a significant amount of money by disproving the works that others have done.
All these factors combine to make sure that the end product that you’re getting is the best possible audit of your smart contract.
So, there you have it.BountyOne, the decentralized Bounty marketplace. We believe that this model, which uses economic incentives and a more user-friendly environment will help bring some much-needed order into a highly chaotic and broken space i.e. smart contract auditing.
If you want to learn more about us, then you may get started here
The post Why are Smart Contract Security Audits So Important? appeared first on Blockgeeks.