ADVERTISEMENT
Advertise with BNC

Assert Guards: Towards Automated Code Bounties & Safe Smart Contract Coding on Ethereum

With great power comes great responsibility. Once uploaded, the code on Ethereum runs exactly as programmed… forever. That is one of the platform’s core benefits: code that always interoperates as promised, can’t be tampered with, and has no down time. You don’t have to trust the creator or hosting, only the code. Except, that comes with a price. As we all know, bugs always creep up. In fact, in Ethereum, there’s already been circumstances where this code, which you can’t replace, has caused trouble.

With great power comes great responsibility. Once uploaded, the code on Ethereum runs exactly as programmed… forever. That is one of the platform’s core benefits: code that always interoperates as promised, can’t be tampered with, and has no down time. You don’t have to trust the creator or hosting, only the code.

Except, that comes with a price. As we all know, bugs always creep up. In fact, in Ethereum, there’s already been circumstances where this code, which you can’t replace, has caused trouble.

How do you make sure there are no bugs in production, and how do you make sure you retain the trustless powers of Ethereum? One can build code that allows others to change the code. However, this gets us back to square one: needing to trust that the owners of the code haven’t been and won’t be hacked and that they aren’t malevolent.

Various members and groups in the community have contributed to finding ways around this [1]. I’ve combined these ideas and some of my own into a concept called “assert guards”.

It is code on Ethereum that guards other code. The code can only be changed if a test case fails.

It works as follows:

  1. Write your contract tests in Solidity.
  2. Attached to your primary contract code is other code, called an “assert guard” contract. Attached to it is the tests, as well as the primary code. It has a multi-sig of owners capable of changing the primary contract code.
  3. If deployed, the owners can’t change the primary contract code.
  4. If an “assert” fails, then the guard can block all requests to core code & let the multi-sig owners back “in” to be able to change the core contract code (or the tests).
  5. Once fixed (the code owners have changed the code), the assert guard blocks access to changing the code and opens up requests again. If an assert failure happens again, it repeats the process.
  6. This can be combined with a relative or fixed lock. Relative == after every fix, if there’s no assert failure after a subsequent 6 months, then the guard ossifies forever, become fully autonomous & trustless. Any new assert failures won’t trigger the guard anymore. A fixed lock is based on the time of deployment. It’s not based on whether assert failures are found. In other words: eg, in 6 months time from deployment, if there was a failure or not, the guard will ossify.

In order to incentivize bug hunting, bounties can be used.

Automated bounties can be attached upon finding an assert failure. If automation seems unfair or potentially dangerous, it could simply log tx.origin & msg.sender and then pay out a bounty manually afterwards.

More democratic ownership of code be done in the form of a DAO: stakeholders must vote on whether or not a fix looks good (instead of say a multi-sig of 3 devs).

This means that (1) one can beta-test live code for a few months, (2) developers can fix code in this period if it breaks, (3) you don’t have to be a Solidity expert to deploy functional dApps, and (4) after some time, it moves to the fully trustless power of the Ethereum platform.

This method adds additional complexity, as well as additional costs, and merits discussion. If you have any thoughts, please share.


ADVERTISE WITH BRAVE NEW COIN

BNC AdvertisingPlanning your 2024 crypto-media spend? Brave New Coin’s combined website, podcast, newsletters and YouTube channel deliver over 500,000 brand impressions a month to engaged crypto fans worldwide.
Don’t miss out – Find out more today


ADVERTISEMENT
Advertise with BNC
ADVERTISEMENT
Advertise with BNC
BNC Newsletters: A weekly digest of the most important news and analysis.
ADVERTISEMENT
Advertise with BNC
Submit an event on bravenewcoin.com
Latest Insights More
ADVERTISEMENT
Advertise with BNC