In the Eyes of a Blockchain Developer: Chiachih Wu from PeckShield

Building an application on a blockchain is a real challenge for developers who are seeking to leverage the power of the decentralized Web. With that in mind, dfuse is inviting experienced developers to share their journey of building these next-generation dapps. To launch the series, we are pleased to speak with Chiachih Wu, Co-Founder/Research VP at PeckShield and one of the early users of the dfuse API.

Could you introduce yourself?

I am Chiachih Wu (@chiachih_wu), PeckShield’s Co-Founder/Research VP. I have worked in information security for more than ten years. I studied virtual machine security and mobile security in the early years. I delved into blockchain at the end of 2017 and co-founded PeckShield in Hangzhou in 2018.

Could you present the vision of PeckShield?

We have positioned ourselves to be blockchain data and security service providers. We analyze, organize, and summarize the data from major public chains, and with our years of experience in security, detect the possible security risks in the public chain, and then offer our findings and expertise to our partners in the ecosystem.

For example, when the dapp ecosystem started to flourish, we found that the biggest factor that plagued the growth of developers was hacking. For this, we launched the DAppShield risk control platform. DAppShield helps dapp developers perform pre-launch security testing, eliminate known risks, and integrate risk control capabilities to alert potential security attacks in a timely manner. In addition, it also supports a one-click pause after the attack occurs to minimize asset loss, then works with exchanges to track the funds, providing dapp developers with complete risk control, emergency response and other services.

This service provides DApp developers with the necessary security and risk control emergency responses, takes the burden off of developers in the early DApp development process by reducing the number of attack vectors. It also helps in protecting the security of digital assets, helping the DApp products and the industry itself to grow in a healthier environment.

We have a large number of address tags on the entire network, it monitors the large amount of changes in real time. As the data mining deepens, we will launch AML (anti-money laundering) services in due course.

On the whole, we are constantly adapting to changes in the market, finding the right direction, and maximizing the output of our own data and security capabilities. However, the entire industry is currently at a low point, and we are hoping to grow with the blockchain ecosystem.

What are the main challenges when developing on a blockchain?

The biggest challenge for developers is that there are security risks and obstacles in this industry, especially that the risk of being hacked is there throughout the entire course of product development.

1. The development of the blockchain itself is still in its early stages, and there are many security issues in the technology and operation. The security awareness and basic skills of blockchain developers are relatively weak in these early stages. Many underlying contract codes have large homogeneity, and once there is a problem, it will affect many;
2. In the second half of 2017 and early 2018, the blockchain boom and the price increase of different currencies greatly attracted the attention of hackers. The rate of return for hacking blockchain is usually much higher than that of the traditional Internet;
3. The cost of attacking on the blockchain is extremely low, and it is often difficult to recover by traceability. This has indirectly further indulged these security incidents.

The attacker is stronger than the builder, I am afraid that this is the industry environment that every developer will face. To attempt to overcome, it is imperative to do the risk control layout, strengthen the security protection from the beginning of a dapp’s development, put security first in the investment, and then build the operation and promotion on this basis. Obviously, the current DApp format is too focused on operation and promotion, but it also ignores the most basic security defense work. This has led to a series of security incidents, which not only hit the DApp developers hard, but also damaged the confidence of the market.

What advantages would a dapp have by working with PeckShield?

If we look from the actual DApp attack cases, a considerable part of the attacks can be effectively avoided. In the case of our DAppShield risk control platform, developers can log in to the DAppShield back-end in a decentralized manner, and that there is a large number of blacklisted accounts. Developers can block all blacklisted accounts with one click. They can also run detection of characteristics of known attacks, which helps developers to understand the security status of their DApp contracts. After an unusual attack, the DApp will be able to shut down a specific feature with one-click to minimize asset losses.

It should be said that DAppShield products take into account the various problems that may be encountered in the development of a DApp. This is combined with PeckShield’s accumulated security expertise, blacklist database, and risk-control emergency response services, which are all open to developers. This includes audits before the contract goes online, real-time anomaly detection after launch, and emergency response after an attack.

In the PC/Internet era, more attention is paid to the security of PC hosts and web servers. In the era of mobile Internet, on the basis of the above, there are more mobile terminals and with the need for increased APP security and data privacy requirements. Blockchain is different from the Internet. It has its own financial attributes and it directly writes the user’s digital assets on chain. Once a security problem occurs, the consequences are quite serious. Therefore, safety must be paramount, placed as the first layer.

What advice would you give to a developer who wants to build a project on blockchain?

For DApp developers, we have compiled a developer documentation on EOS on GitHub called: “EOS Smart Contract Coding Security Standard — A Quick Reference Guide”: https://github.com/peckshield/EOS/tree/master/eos-tutorials

Some Suggestions for developers:

1. There is a certain interoperability between the public chains. For example, TRON is developed based on ETH. DApp developers on TRON can refer to existing security events on ETH, analyze the characteristics of known attacks, and know in advance the possible attacks, and then test with a product similar to the DAppShield to eliminate some known attacks.
2. Developers should establish a close relationship with a security company. After all, they have the specialization. Security companies can share a lot of valuable experience and services to developers, helping developers take less detours and run into fewer roadblocks.
3. Developers should carefully choose the public chain platform. In the coming year, there will be strong competition among public chains. Especially in the DApp ecology, the whole layout will be established. Developers can comprehensively compare the development environment of major public chains, then choose a relatively more mature, stable and secure platform.
4. Find the right business model as early as possible. The reason why gambling games are the mainstream and that they are the most developed DApps is that they have a stable business model and relatively stable traffic. What’s blocking the growth of other types of DApps is the lack of a relatively viable business model. After all, entrepreneurship in the dapp ecosystem is difficult, and the first challenge is to simply survive.

If you are a developer and want to share your experience to build on the blockchain, please feel free to contact us. We would be happy to integrate your interview in to our series “In the Eyes of a Blockchain Developer”.

Originally published at www.dfuse.io.