Abstract

This article describes a problem of decision that may significantly hurt or even destroy a system that utilizes a decision making mechanism that is prone to this problem. This must be taken into account when designing a decision making (governance) system.

Definition

The problem of “Nothing at stake” occurs when some party that is not affected by the consequences of a particular decision is allowed to participate in a decision making process. This allows a malicious party to disrupt the decision making process by pushing any inadequate decisions and not getting penalized in case the system is hurt by these decisions.

Example

Stakeholder: why aren’t we solving the problem of 51%-attacks? …


Intro

Callisto Network was first announced on September 25, 2017 in the Ethereum Commonwealth development report. Then, on January 16, 2018 the launch of Callisto Network airdrop was officially announced. On April 15, 2018 Callisto mainnet was succesfully launched.

This repo preserves the history of Callisto development, launch, pre-launch and post-launch issues and the initial roadmap.

The main goals of Callisto Network were stated as:

  • Free-of-charge security auditing of smart-contracts.
  • Cold staking implementation.
  • Crosschain interoperability research.

One of the main goals of Callisto Network was to boost the growth and development of Ethereum CLassic. This goal is considered achieved. All the reference protocols developed by Callisto Team are compatible with Ethereum Classic and the corresponding proposals to implement the described enhancements in ETC are already submitted according to the ECIP…


This article breaks down the most pressing issue of a DApp insurance organization described at my previous article: DApp developers can hack themselves to receive the remuneration provided by insurance contract.

The problem.

DApp developer can:

  1. Develop a ‘malicious’ smart-contract that can be hacked.
  2. Insure the smart-contract at the DApp Insurance Organization.
  3. Exploit a vulnerability of the contract to withdraw the funds operated by the contract.
  4. Claim that the contract was hacked and request the remuneration from the DApp Insurance Organization according to the insurance agreement.

The method of the development of a ‘malicious’ smart-contract may also differ by the principle of the…


The importance of security in the area of smart-contract development is evident nowadays. Smart-contracts and DApps that rely on them are operating with funds and in most cases these are funds of DApp customers.

Smart-contracts must be perfectly secure. The possibility of hacking or stealing funds operated by smart contracts is the main problem in the development of each DApp designed for working with funds.

In this article, I would like to describe new approaches to ensuring safety of funds in this area.

Nothing is absolutely secure

One of the main security engineering principles declares that “there is no system that can be engineered to be perfectly secure or absolutely trustworthy” (System Security Engineering TSAPPS at NIST). …


Callisto Network was founded with two main goals: improve the security of the smart-contract development industry and develop a reference implementation of Ethereum protocol improvements that could be used in Ethereum Classic.

To fulfill the main goals of the project, we identified four areas in which work was carried out:

  1. Facilitate the growth and the development of Ethereum Classic as well as develop a reference implementation of protocol improvement proposals for ETC.
  2. Develop a reference implementation of Cold Staking protocol.
  3. Develop a system for smart-contract auditing, paid at the protocol level.
  4. Develop a governance system.

The first three points have been successfully achieved by the Callisto team and community. Also, it should be noted that we already proposed the developed features for Ethereum Classic as it was mentioned in this article earlier. …


Auditors

The security audit of McAfeeDEX smart-conract was performed by Callisto Network security department. 5 security auditors (including me) reviewed the contract independently. The security manager then compared our audit reports and summarized the results described.

Copies of each audit report and final summary can be found here. Security Audit summary can be found here.

Please note that our severity determination procedure implies that the contract developer is only responsible for the contract that we have audited. This means that some issues that are not directly related to the audited smart-contract are assigned “note” or “low” severity but these can still lead to financial losses of the DEX customers and it is strongly recommended that the developer of the contract fixed this issues before using the contract. …


This article aims to provide some education about the programmable blockchains (aka “smart-contract development platforms”) and explain the reason of Callisto not being one of them despite the fact that it has built-in smart-contract system.

Let me dispel some myths around smart-contracts, blockchains and development in this area as well as provide my own vision of what future awaits Callisto.

Myth: value of a project reflects the development progress

Let’s just compare two projects: ADA (Cardano, top 12) and CLO (Callisto, ranked 712)

The main goal of ADA is to serve as a development-platform for smart-contracts.

The main goals of Callisto are the implementations of an experimental protocols of (1) protocol-level funded security audits, (2) economical value of time-locking mechanisms (Cold Staking), (3) vote-based governance system. …


Intro (not so important info)

Long time ago, even before I came into blockchain industry, I was a hobbyist game developer.

When Ethereum came into existence I was trying to build a game on it. It proves to be impossible to build a game with a deep gameplay due to a set of problems with Ethereum. The main problem there was transaction fees.

Now EOS has appeared, and at the moment it is the most advanced platform for the development of smart-contracts. …


This is a translation of Callisto Russian community AMA.

Dexaran

Hello Callisto Network community.

Q:
Good evening, what prospects do you see for Callisto in the near future? Why is Callisto lowering its position at CoinMarketCap each day?

First, we plan to finish the development of the decentralized governance system and provide all the necessary tools to enable the community to participate in the process of decision making. Currently no one of the crypto- projects has an absolutely effective governance model.

Then we plan to proceed with scalability solutions.

As for the current price I’m not planning to give any financial advices and everything I could tell you is my subjective opinion. …


What happens?

At 9/13/2019 the EOSPlay DApp was hacked. The hacker exploited a flaw of the implementation of the EOSplay Random Number Generator (RNG), which allows him to take away about 30,000 EOS from the EOSPlay smart contract.

NOTE 1: The attack is not related to the design of EOSIO but only to the design of this particular DApp.

NOTE 2: We do not have the source codes of the hacked contract. Everything described on this article is a set of assumptions made by smart-contract developers based on what we know about the smart-contracts and EOS. …

Dexaran

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store