The new word in security of DAPPs: smart-contract insurance

Nothing is absolutely secure

One of the main security engineering principles declares that “there is no system that can be engineered to be perfectly secure or absolutely trustworthy” (System Security Engineering TSAPPS at NIST).

DApp insurance

The proposed solution is to develop an organization that will offer insurance services for the development teams of DApps.

How is it beneficial for DApp developers?

Insuring the amount of funds that a DApp is expected to operate with can guarantee that this exact amount of funds will be paid back by the insurance organization in case of a hack.

How is it beneficial for DApp users?

“Security” is a problem for users now because users are the ones who risk their funds by using DApps. There is currently no provable way to determine whether using a DApp is safe. As a result, a user who does not have enough knowledge to verify the source code of every component of the DApp that he is going to use has to trust that the developers of the DApp did everything properly.

  • If a DApp has an “insured” badge and it is listed on the website of the insurance organization then it is fine.
  • If a DApp is not listed on the website of the insurance organization then the DApp is not insured and a user needs to trust that the development team took security measures into account by themselves.

Business model

The described proposal requires a significant quantity of initial funds to establish a “refunding budget”.

The problem & The solution

The most relevant problem for the DApp insurance organization is the possibility that developers hack themselves and then request compensation under the insurance agreement.

Expected outcome

The proposed solution can introduce a new layer of security as well as redistribute the responsibilities of competent parties involved in the development process.

  • The Callisto Network is responsible for the security auditing of smart-contracts, which is freely available to every development team at any time. For now, the only requirement is public availability of the source code of the auditable smart-contracts [this may be revised in future].
  • The described Security Insurance Organization is responsible for providing information about audited/unaudited DApps as well as the amount of funds covered by the insurance contract.
  • DApp development teams can focus on building and delegate the security-related concerns to the Security Insurance Organization.
  • DApp users can transparently verify how safe it is to use a DApp.
