Tuesday, 2 November 2021

Let's talk about smart contract security

Smart contracts and DApps on Bitcoin Cash are growing fast! Lots of new people are joining the community looking to build new products, port existing ones, or simply speculate on the next big thing. Sadly, this is also attracting scammers. The project "BeachSwap" disappeared with some money a few hours after launching. There were red flags, and while the community quickly became suspicious, they disappeared so fast we failed to stop them. Security is one of the main challenges of smart contracts, and we can all learn how to make things a bit more secure.

Let's go over some basic security concepts of smart contracts to be better prepared. There are lots and lots of security details for smart contracts, but we will go over two basic ones: smart contract code audits and bytecode verification.

Smart contract code audits are one of the most basic tools we have to gain some level of security on a project. A good audit from a reputable auditing service will review a smart contract's code, point out issues, and alert everyone in an open way before they become a problem. Most big projects like Uniswap are constantly auditing their code to find bugs and vulnerabilities.

Smart contract bytecode verification. When a smart contract is deployed (that is, written to the blockchain), it first needs to be compiled. The English words that make up the smart contract, and that we can understand, are turned into bytecode, a language that the computer where the blockchain runs can understand. By making sure that the bytecode on the blockchain matches that of the locally compiled (and audited) smart contract, we can know for sure that the code that runs on the blockchain is the one that should actually be there. If we don't do this, the person who deploys the contract can just deploy different code, which could include functions to take away users' money.

In a few words, verification is needed because without it we can't be certain that the smart contract on the blockchain is the same smart contract that was audited! Audits by themselves are meaningless without proper smart contract verification.

We have recently launched a tool to do this; you can find it at https://www.contractverifier.com. We plan to open-source the tool soon so that it can be integrated with the SmartBCH infrastructure. The tool remains very basic, but we will be improving it as time allows.

There are a lot of other things to worry about in smart contract security, but these two are the most fundamental ones. Before you decide to invest in or use any Smart Bitcoin Cash project, try to find its audit and code verification.

You can find more information about security in our previous post: https://www.reddit.com/r/btc/comments/p6dr02/lets_talk_about_security/

submitted by /u/estebansaa

source https://www.reddit.com/r/btc/comments/qkj38l/lets_talk_about_smart_contract_security/
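The bytecode check described in the post, as an added example (not code from the post or from contractverifier.com). It assumes a Solidity-compiled EVM contract, whose runtime bytecode ends in a CBOR metadata map plus a 2-byte length, and that the deployed code was fetched with the standard `eth_getCode` JSON-RPC call; the hex strings are constructed samples, not real contracts.

```python
def to_bytes(hex_code):
    """Decode a hex string as returned by eth_getCode ('0x...')."""
    h = hex_code.strip()
    return bytes.fromhex(h[2:] if h[:2].lower() == "0x" else h)

def split_metadata(code):
    """Split solc runtime bytecode into (executable, metadata trailer).

    solc appends a CBOR map followed by its length as a 2-byte big-endian
    integer. If the tail does not have that shape, nothing is stripped.
    """
    if len(code) < 2:
        return code, b""
    meta_len = int.from_bytes(code[-2:], "big")
    start = len(code) - 2 - meta_len
    # A small CBOR map starts with a byte in 0xa0..0xb7.
    if meta_len == 0 or start < 0 or not 0xA0 <= code[start] <= 0xB7:
        return code, b""
    return code[:start], code[start:]

def verify(deployed_hex, compiled_hex):
    """Classify how on-chain code relates to the audited local build."""
    deployed, compiled = to_bytes(deployed_hex), to_bytes(compiled_hex)
    if not deployed:
        return "no-code"            # nothing is deployed at the address
    if deployed == compiled:
        return "exact"
    d_exec, d_meta = split_metadata(deployed)
    c_exec, c_meta = split_metadata(compiled)
    if d_meta and c_meta and d_exec == c_exec:
        return "match-except-metadata"  # same logic, different build metadata
    return "mismatch"               # deployed logic is not the audited logic

# Constructed sample data (not real contracts): 9 bytes of code + CBOR trailer.
META_A = "a164736f6c6343000809" + "000a"
META_B = "a164736f6c634300080a" + "000a"
AUDITED = "0x6080604052600080fd" + META_A
REBUILT = "0x6080604052600080fd" + META_B   # same code, other metadata
TAMPERED = "0x6080604052600180fd" + META_A  # one opcode operand changed

if __name__ == "__main__":
    for name, code in [("audited", AUDITED), ("rebuilt", REBUILT),
                       ("tampered", TAMPERED), ("empty", "0x")]:
        print(name, verify(code, AUDITED))
```

Only `exact` shows that the audited build is what was deployed; `match-except-metadata` means the executable part is identical but the build metadata differs, so the source or compiler settings behind it still need to be reconciled before trusting the audit.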
