Big Tows322
Jul 22, 2017 · 3 min read

OpenSRC Heroes

In Douglas Adams' brilliant book Dirk Gently's Holistic Detective Agency, Dirk credits Isaac Newton with his greatest invention: the cat flap. In the 21st century the cat flap is ubiquitous, and everyone considers it an obvious utility, yet nobody thought so before it was invented. It's easy to armchair the obvious in hindsight.

Fast forward to 20 Jul 2017, when an Ethereum smart contract, the Parity multisig wallet, was exploited to the tune of roughly USD 30 million. The flaw, in short: the wallet's shared library contract left its initialisation function callable by anyone, so the attacker could re-initialise already-deployed wallets with himself as owner and drain them. The cyber blogosphere is now rife with criticism of the Ethereum devs over the exploited vuln. The vulnerable code had been live since Jan 2017, yet there was zero mention of its obviousness prior to 20 Jul. Again, once we know the answer it's easy to criticize.

The original devs of this smart contract were the Parity core team, founded by Ethereum co-founder Gavin Wood, together with the open src community, and the code was peer reviewed. The devs were as good as it gets. Professional devs understand that vulns are part of nature.

Thanks to open src-ing in real time, the attacker was beaten with his own exploit: the White Hat Group used the same bug to empty the remaining vulnerable wallets before he could, saving tens of millions more. Had the smart contract lived inside a traditional proprietary institution, like the blockchain IBM is setting up for seven big European banks, all the money would have gone to the nefarious.

Traditional dinosaur businesses treat cybersecurity as negligible to perceived shareholder value. In the multi-national corporation (MNC) world, bad press sinks share prices, and any publicly disclosed hack surely does the job. So when MNCs succumb to the inevitable hack, they do every shareholder and customer a disservice by hiding the breach. MNCs usually make up CYA stories, and the financial losses are written off once the legal scam known as cybersecurity insurance is claimed. Proprietary systems are the bane of consumer protection and security.

Open src coding gives everyone transparency, a level playing field. Ethereum's self-appointed regulators, the white hats, jumped into action as soon as they spotted the heist. Open src'd coding saved the day.

“Complexity is the enemy of security.”~Haseeb Qureshi

Ethereum devs going forward must remember the value of a KISS. KISS is an acronym I learned from my wise Jewish teacher in art school during the '90s. KISS stands for Keep It Simple, Stupid. When devs remember to KISS, their code has fewer opportunities for exploitation, because it's easier for the community to identify flaws and patch the existing vulns. Dinosaur cyber MNCs should learn from Ethereum's good example.

Which reminds me of a fav quote: "If I can't fix it, it ain't broke." ~not me

Lessons learned

Open sourcing gives everyone, nefarious assclowns and RobinHoods with no one in between, a level field on which to act accordingly.

Blockchain security is rapidly evolving and much more work needs doing.

Hindsight is 20/20, learning from mistakes is not.

Mistakes and failures are good for learning. These particular mistakes should teach us all a valuable USD 30 million lesson: open src-ing saves, complexity is a killer, and blockchain security needs more scrutiny.

Musical tribute: Warren G, "Regulate"

https://g.co/kgs/Bm4naJ

Further Readings

Haseeb Qureshi's overview of Ethereum, technical review of the attack vector, and what it means going forward.

Excerpt:

Unless you build intelligent security mechanisms into your contracts, if there’s a bug or successful attack, there’s no way to shut off your servers and fix the mistake. Being on Ethereum by definition means everyone owns your server.

https://medium.freecodecamp.org/a-hacker-stole-31m-of-ether-how-it-happened-and-what-it-means-for-ethereum-9e5dc29e33ce

IBM's blockchain deal with seven major European banks (the proprietary platform mentioned above)

https://www.fool.com/investing/2017/06/27/ibm-scores-blockchain-deal-with-7-major-banks.aspx

Feedback is always appreciated. If you enjoyed my article then clap for me and share with the community!
