Navigating the minefield of Token Offerings — Part 2

Panos Sakkos
May 7, 2019 · 3 min read

Last time we highlighted how critical trust is in a decentralized environment (ironically) and especially in Token Offerings. One aspect of the damaged trust between the end users and the decentralized ecosystem is cybersecurity. A decentralized system is usually built from many different building blocks (subsystems) and each one of them can have a negative impact on the overall system, when it gets compromised. A special category of building block is Smart Contracts. Smart Contracts are executable code that runs on a decentralized network, in an automated way. You can picture them as a vending machine that, once it’s programmed and filled with items, will keep serving the available items when someone drops a coin in it. Smart Contracts are the beating heart of a decentralized system. Αny kind of bug can be fatal to the overall system, since it will almost always have an impact on the funds of the Contract itself and its stakeholders.

Image for post
Image for post

The first major Smart Contract incident was the one of the DAO, which took place less than two months since its launch and affected 18,000 stakeholders who lost more than 3,6 million Ether. Another severe incident was the Parity wallet hack which resulted in more than 150,000 stolen Ether. Just these two incidents on the Smart Contract level, had an impact on funds that are currently valued close to $700,000,000.

The community is well aware of how critical Smart Contracts are, and has taken steps to improve their security. There are two directions to prevent security bugs, training and tools . In the first direction, security researchers have already collected the most common Smart Contract vulnerabilities and created “OWASP Top10 “— like wikis to raise awareness about them and to educate developers on how these common vulnerabilities should be mitigated. On the direction of providing tools to the Smart Contract developers, the Solidity compiler has already integrated security checks which show up as warnings when compiling a Smart Contract and the list of security tools for Smart Contracts keeps growing.

Of course no automation can beat human error, and that’s why we decided in Blocktopus to integrate Dedaub’s Contract Library when a Token Offering Smart Contract is registered, and to not allow any Token Offering that has warnings to be published on Blocktopus. That way Blocktopus makes a step further on building the trust between its end users and the Token Offerings that they get connected to.

A few words about Dedaub and Contract Library:


The verified user directory for the decentralized era

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch

Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore

Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store