The importance of security in smart contract development is evident nowadays. Smart contracts, and the DApps that rely on them, operate with funds, and in most cases these are the funds of DApp customers.
Smart contracts must be perfectly secure. The possibility of hacking or stealing funds operated by smart contracts is the main problem in the development of every DApp designed to work with funds.
In this article, I would like to describe new approaches to ensuring the safety of funds in this area.
Nothing is absolutely secure
One of the main security engineering principles declares that “there is no system that can be engineered to be perfectly secure or absolutely trustworthy” (System Security Engineering TSAPPS at NIST).
Instead of trying to make a system ideally secure, it is better to focus on designing it to be fault-tolerant. Adding more layers of protection improves the safety of end users much more than trying to improve the coding part.
Here I’d like to introduce a new layer of safety that has not been widely adopted in the crypto industry so far.
The proposed solution is to develop an organization that will offer insurance services for the development teams of DApps.
While bug bounties and security audits are good, there is nothing further that can be done once you have already performed them. Following the best security practices reduces the risk of being hacked significantly, but there is always a certain chance that things will go wrong.
It is worth mentioning that most DApps know the volume that they operate with, and they have an allocated budget to improve the security of their users' funds. Therefore they can insure the amount of funds they operate with, thus claiming the right to receive compensation for the insured funds in case of a hack.
How is it beneficial for DApp developers?
Insuring the amount of funds that a DApp is expected to operate with can guarantee that this exact amount of funds will be paid back by the insurance organization in case of a hack.
The developers of a DApp no longer need to worry about the security of their DApp. They can focus on building instead by delegating the security-related concerns to the aforementioned “security insurance organization” at the cost of a certain % of their income.
This can also improve the marketing part of the project, since every customer can be assured that the development team of the DApp will compensate any losses in case of a hack. The situation where the development team states that they cannot compensate the losses of their customers will no longer be possible.
How is it beneficial for DApp users?
“Security” is a problem for users now because users are the ones who risk their funds by using DApps. For now, there is no provable way to establish whether using a DApp is safe or not. As a result, a user who does not have enough knowledge to verify the source code of every component of the DApp they are going to use needs to trust that the developers of the DApp did everything properly.
The proposed solution can offer a publicly transparent and representative way of demonstrating to end users that the DApp will not suffer any loss of funds at any moment.
For the end user it should be as simple as this:
- If a DApp has an “insured” badge and it is listed at the website of the insurance organization then it is fine.
- If a DApp is not listed at the website of the insurance organization then the DApp is not insured and a user needs to trust that the development team took security measures into account by themselves.
The described proposal requires a significant quantity of initial funds to establish a “refunding budget”.
The refunding budget will be used to fully pay the amount of insured funds back to DApp development teams in case a hack occurs.
Any DApp development team can request the insurance of a certain amount of funds for their DApp. It is recommended to evaluate the amount of funds that is likely to be stolen in case of a hack, because not every DApp loses its entire balance upon being hacked. The DApp development team should then pay X% of the insured budget to the insurance organization for keeping their DApp secured.
For the security insurance organization the collected monthly payments are the main source of funding.
Insuring a DApp poses a risk of fund loss for the insurance organization, since it will have to pay the full amount of insured funds in case of a hack. Thus, the security insurance organization is incentivised to (1) raise the % of monthly payments for DApps that are more likely to be hacked or (2) ensure the security of a DApp to reduce the risk of paying back the insured funds.
Callisto Network is a free-of-charge security auditing organization that can perform reviews of DApp code. Passing a security audit reduces the risk of being hacked significantly for any DApp.
A certain part of the Security Insurance Organization's income could be used to fuel the development and operating expenses of Callisto Network by purchasing and burning CLO tokens.
The problem & The solution
The most relevant problem for the DApp insurance organization is the possibility that the developers hack themselves and request compensation under the insurance agreement.
The Insurance Organization must adhere to a set of rules and procedures to prevent this. The solution is described here:
The proposed solution can introduce a new layer of security as well as redistribute the responsibilities of competent parties involved in the development process.
- The Callisto Network is responsible for the security auditing of smart contracts, and it is freely available for every development team at any time. For now, the only requirement is public availability of the source code of the smart contracts to be audited [this may be revised in the future].
- The described Security Insurance Organization is responsible for providing the information about the audited/unaudited DApps as well as the amount of funds being covered by the insurance contract.
- DApp development teams can focus on building and delegate the security-related concerns to the Security Insurance Organization.
- DApp users can transparently verify how safe it is to use a DApp.