Computable Contract Audit

Bharath Ramsundar
Computable Blog
Oct 28, 2019

At Computable, our mission is to democratize access to data and create a fair economic system around data ownership. A few months ago we released our whitepaper, Fair value and decentralized governance of data, which introduced our design of a decentralized protocol for fairly valuing and governing datasets. We also announced that we’d built a system of smart contracts that implemented our data governance protocol.

We’ve spent the last few weeks working with the talented team at Trail of Bits to audit our smart contract system. Auditing is essential to creating secure software, and this is especially true for smart contract code. Smart contracts tend to implement core infrastructure and control the flow of money, are difficult to upgrade, and have publicly callable functions, which makes them especially attractive targets for attack.

Trail of Bits has produced a detailed report covering the security analysis of our code. Quoting from the executive summary:

“The overall quality of the code base is good. The architecture is suitable and avoids unnecessary complexity. Component interactions are well defined. The functions are small, clean, and easy to understand.”

Our contract system has a number of unique features that made it an interesting project for both of our teams. First, our contracts are written entirely in Vyper. In fact, we believe our codebase is the largest Vyper smart contract system to undergo an extensive security review thus far. Even though Vyper is a new language, its stronger types and improved numerical support made the switch from Solidity worth it for us. We’ll say more in a future blog post.

The system consists of 7 interlocking contracts which together define the functionality of a decentralized data market. We worked hard to make our code clean, modular, and easy to understand, making it relatively straightforward to fix issues surfaced by the audit.

Being meticulous and human-centered about readability also means that everyone on our team and in our community can use the code itself as the source of truth for how the system will behave. In Dapp development, protocol features and their behavior impact a diversity of stakeholders, from other smart contract developers to product designers. Docs are important for fleshing out a system’s rationale and behavior, but nothing substitutes for readable code, and smart contracts are no exception.

Our design faced some unique challenges. First, managing off-chain state through on-chain code is difficult since a smart contract can’t easily enforce that some action has been taken in the physical world. We’ve made a set of structured trade-offs (such as having the datatrust operator be a semi-trusted participant) that permitted us to build a pragmatic, functional system, but we’re upfront that we haven’t entirely cracked the problem of off-chain data governance yet. We’re working hard towards this and have some research ideas we’re pursuing. Second, on-chain governance systems are vulnerable to attacks from “whales,” rich individuals who can use their buying power to take control of a market. Based on feedback from the audit, we’ve made changes to the smart contract system which make it harder (but not impossible) for malicious entities to destructively alter market parameters.

Another known issue is the possibility of front-running and denial-of-service attacks. A sophisticated adversary could, with sufficient effort, slow down transactions in a market and make participating in it difficult for stakeholders. However, sustaining such an attack would be challenging, and there are steps participants can take to make such attacks harder (such as raising their gas fees). We’re planning to actively watch for such sophisticated attacks in practice and will take steps to educate and mitigate risk to our users. If you’d like to read about the trade-offs we made, we encourage you to read our detailed response to the audit report.

All in all, we’re confident that we’ve found a unique and interesting point in the smart contract design space that will serve as a foundation for future work on the fair governance of data. We’d love to hear from you on Twitter @computable_io, on our Discord, or in our forums.

Originally published at https://www.computable.io on October 28, 2019.

Bharath Ramsundar
Co-founder and CTO at @ComputableLabs. Prev: Creator of https://DeepChem.io . Author @OReillyMedia. Stanford CS PhD on deep drug discovery