Matrix Fixes The Blockchain: Security Vulnerabilities

Pukis3891
Oct 10, 2018

Blockchains are inherently secure. For as long as it has existed, the Bitcoin network has never been successfully hacked. Given the blockchain’s decentralised architecture, hackers would have to hack every node in the network, alter the chain, and then propagate those changes all over again. Blockchains have proven to be as close to hacker-proof as they come. With the introduction of blockchain 2.0, Ethereum presented smart contracts to the blockchain world. Smart contracts help us to exchange money, property, shares or anything of value in a transparent, conflict-free way while avoiding the services of a middleman. As revolutionary as blockchain’s smart contracts may be, they contract bugs, causing untold chaos in the field. Unfortunately, the introduction of smart contracts brought many security issues along, and smart contracts have proven to be an immature technology, giving way to errors and breaches that have caused millions of dollars to be lost and eroded trust in blockchain. But now there is a solution to fix all of that: Matrix AI Network is presenting its blockchain 3.0 supported by artificial intelligence, which utilises AI and formal methods of security verification to identify and eliminate various security holes in smart contracts. Matrix will run Intelligent Contracts.

As Vitalik Buterin, founder of the Ethereum blockchain, explained at the DC Blockchain Summit, in a smart contract approach, an asset or currency is transferred into a program “and the program runs this code and at some point it automatically validates a condition and it automatically determines whether the asset should go to one person or back to the other person, or whether it should be immediately refunded to the person who sent it or some combination thereof. In the meantime, the decentralised ledger also stores and replicates the document which gives it a certain security and immutability.” Ethereum is one of the largest cryptocurrencies right now, with a market cap of more than 20 billion dollars, processing 500 thousand transactions per day. Using its Turing-complete high-level programming language, Solidity, people are building smart contracts daily. There is already a large number of applications running on the main network, from token systems to wallets, hedging contracts, lotteries etc. But where there is money involved, there are malicious actors. And these malicious actors are exploiting security loopholes in existing smart contracts.

To prove that, we can easily recall the famous DAO (Decentralised Autonomous Organisation) hack. The DAO was meant to operate like a venture capital fund for the crypto and decentralised space. The lack of a centralised authority reduced costs and in theory provided more control and access to the investors. However, in June 2016, a hacker found a loophole in the code that allowed him to drain funds from The DAO. In the first few hours of the attack, 3.6 million ETH were stolen, the equivalent of $70 million at the time. Once the hacker had done the damage he intended, he withdrew the attack. In this exploit, the attacker was able to “ask” the smart contract (DAO) to give the Ether back multiple times before the smart contract could update its balance. Two main issues made this possible: when the DAO smart contract was created, the coders did not take into account the possibility of a recursive call, and the smart contract first sent the ETH funds and only then updated the internal token balance. It’s important to understand that this bug came from an application that was built on Ethereum and not from the Ethereum blockchain itself. The code written for The DAO had multiple flaws, and the recursive call exploit was one of them. Many such hacks occurred simply due to mistakes that programmers made when writing lines of code in Solidity.
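The ordering flaw described above can be reproduced in a small model. The following is an added example, not code from this article or from The DAO: a Python simulation in which all names (`Fund`, `RecursiveRecipient`, `run`) and the sample balances are constructed for illustration. It runs the same withdrawal twice, once sending before updating the balance and once updating before sending.

```python
# Constructed model of the ordering flaw; not The DAO's code. All names are hypothetical.

class Fund:
    """Toy contract: tracks per-account balances and a shared pool of funds."""

    def __init__(self, update_before_send):
        self.update_before_send = update_before_send
        self.balances = {}
        self.pool = 0

    def deposit(self, account, amount):
        self.balances[account] = self.balances.get(account, 0) + amount
        self.pool += amount

    def withdraw(self, account):
        amount = self.balances.get(account, 0)
        if amount == 0 or self.pool < amount:
            return
        if self.update_before_send:
            self.balances[account] = 0      # hardened: record the withdrawal first
            self._send(account, amount)     # then hand control to the recipient
        else:
            self._send(account, amount)     # flawed: recipient code runs here...
            self.balances[account] = 0      # ...while the old balance is still recorded

    def _send(self, account, amount):
        self.pool -= amount
        account.on_receive(self, amount)    # recipient's code executes during the transfer


class RecursiveRecipient:
    """Recipient whose receive hook asks for its funds again before withdraw() returns."""

    def __init__(self):
        self.received = 0

    def on_receive(self, fund, amount):
        self.received += amount
        fund.withdraw(self)


def run(update_before_send):
    """Return (amount the recursive recipient got, funds left in the pool)."""
    fund = Fund(update_before_send)
    fund.deposit("other investors", 90)     # constructed sample balances
    caller = RecursiveRecipient()
    fund.deposit(caller, 10)
    fund.withdraw(caller)
    return caller.received, fund.pool
```

With send-then-update, a recipient entitled to 10 units empties the whole pool of 100; with update-then-send, the nested call sees a zero balance and the other 90 units stay in place.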

After events of this kind, a number of companies offering smart contract verification and auditing were founded. For example, Quantstamp, worth nearly half a billion dollars by market capitalisation in January 2018, has presented a security auditing protocol for smart contracts. Through Quantstamp, clients have their smart contracts audited by programmers and verification software. This process of auditing and proofreading contracts requires much time and advanced programming skills. While it’s an effective solution to possible security flaws, such labour-powered efforts currently cost thousands, even tens of thousands of dollars per audit. These solutions may be impactful for huge organisations on a case-by-case basis, but a more efficient solution is needed to meet the world’s growing appetite for blockchain.

Recognising this, MATRIX utilises AI and formal methods of security verification to identify exactly these types of security holes. Because it is adaptable, the AI will self-optimise over time and improve at finding additional defects. This will save companies time and money that would otherwise have been spent on consulting fees paid to third parties. With MATRIX, programming knowledge is no longer needed for designing smart contracts. The unique code generation technique of MATRIX allows automatic conversion of an abstract description of a smart contract into an executable program. MATRIX only requires users to input the core elements (e.g. input, output, and transaction conditions) of a contract with a scripting language. Then a code generator based on a deep neural network is able to automatically convert the script into an equivalent program. The MATRIX neural networks will generate a library of templates based on initial inputs, which are then automatically refined and evolved based on historical data. Their AI-based security engine has a rule-based engine for smart contracts, a formal verification toolkit for security properties, a detection engine for transaction model identification and a deep learning platform for dynamic security verification and enhancement.

You can read a more in-depth article on Matrix’s solution for the issue of security and smart contracts here.

MATRIX’s compiler provides contextual checks to identify operations that do not satisfy rules or are not safe. MATRIX can generally eliminate all the logic flaws on the surface layer caused by human-written smart contracts. At the core of MATRIX is AI-aided computing, and there are built-in AI features at all levels. Therefore, for verification of contracts, AI-aided formal verification, as well as the method of checking with dynamic restriction, is used to solve security problems.

By combining AI and blockchain technology, MATRIX aims to revolutionise the user experience of executing smart contracts by making the whole process faster, easier and, most importantly, safer.

Resources:

https://medium.com/@matrixainetwork/intelligent-contracts-the-ai-solution-for-the-issue-of-security-and-smart-contracts-a992d1368fd1

https://www.forbes.com/sites/shermanlee/2018/07/10/blockchain-smart-contracts-more-trouble-than-they-are-worth/#221943823a60

https://hackernoon.com/smart-contract-security-part-1-reentrancy-attacks-ddb3b2429302

https://eprint.iacr.org/2016/1007.pdf

https://medium.com/@keithtuskey/matrix-ai-network-getting-the-attention-it-deserves-d1e819a5e695

https://blockgeeks.com/guides/smart-contracts/

https://medium.com/swlh/the-story-of-the-dao-its-history-and-consequences-71e6a8a551ee

https://medium.com/@theblockanalyst/award-winning-ai-scientist-launches-matrix-ai-network-to-take-smart-contracts-mainstream-8a417fdd7f81

Pukis3891

Matrix AI Network Russian community manager, miner, crypto world enthusiast.