Open in app

Sign in

Write

Sign in

How we launched CryptoKitties’ latest feature

Dapper Labs’ bug bounty highlights the key role community plays in shaping the future of blockchain technology

Dapper Labs
Dapper Labs

--

CryptoKitties’ newest feature, Offers, is one of the biggest updates the platform has seen. To make it happen, we had to release our first smart contract since CryptoKitties launched last year.

And to make sure it all worked as intended, we had to enlist your help.

There’s no room for bugs in Smart Contracts

A smart contract is a chunk of code that performs a specific action on the Ethereum network. For instance, there’s a smart contract that allows CryptoKitties players to buy or sell a Kitty and another that lets them breed two Kitties together. Once a smart contract has been added to the Ethereum network, it’s usable by everyone, its code is public, and it can’t be changed or removed.

That means it’s vital to scrutinize a smart contract before you ship it. The blockchain’s immutability is one of the things that makes the technology so compelling, but it also presents a big challenge for development.

To parse our contract as fast as possible, we enlisted the CryptoKitties community. It’s not the first time they’ve answered the call, nor will it be the last.

It takes a village to hunt bugs

Hosting a bug bounty is nerve-wracking. Opening your work to outside scrutiny can make your palms sweaty. But the potential returns are enormous — and not just in terms of polishing your code.

The CryptoKitties alpha was shaped by the community at the 2017 ETHWaterloo hackathon, where industry enthusiasts and newcomers alike shared their feedback on how to improve the game. Our first Bug Bounty, hosted before CryptoKitties went public, helped make the world’s most used smart contracts as secure as possible.

And our original bug hunters didn’t just make CryptoKitties better, they made the world better. Nick Johnson, who won an Exclusive BugCat V1 for his contributions, turned that Kitty into 150 cows for families in need.

There are only so many of us at Dapper Labs, but we can multiply our brainpower by harnessing the collective might of our brilliant, insightful, and, dare we say, particularly attractive community. Plus, with the different perspectives, backgrounds, and experiences our community brings, they can spot issues we may overlook.

Community is how blockchain realizes its potential

The blockchain is reshaping traditional structures. Transparency and collaboration are becoming standard practice. Rules are permanent and public. Code is open-source, and anyone can build on the foundations laid by another. The work of one lifts all.

We’re on the precipice of a new era of mass collaboration. Immortal, collaborative code is the future. Open bug bounties are a small step in that direction. So why not start working that way today?

Meet the Dapper Labs bug bounty committee

The Offers bug bounty is complete, and the feature is live. In just a few days our bounty hunters scoured our contract top to bottom and logged their findings in 50 GitHub issues. Thankfully, they found no critical bugs, but their help has made Offers substantially better.

So, first of all, put your paws together for everyone that took part: @wharris1979, @michaelKim4736, @pauliax, @hashkitty, @geggleto, @ghzwrapper, @freakitties, @pengocat, @hammeWang.

And special kudos to our top exterminators, @TomLeeFounder and @sunsetlover, who each received an Exclusive BugCat V2 for their efforts.

We’ve assembled an elite in-house squad that oversees our bounties. These Dapper team members — our Bug Bounty Committee — triage the issues our community submits.

Dieter Shirley
Our Head of Blockchain Technology, Dete is our go-to expert on all things decentralized. He’s been keen on blockchain since 2010, when he mined his first Bitcoin on a home computer. He’s also the original author of ERC-721, the non-fungible token that represents each CryptoKitty.

Howard Tam
Howard is a graduate of Oxford AND Princeton. Yeah, we know. He plays key roles on our blockchain projects and co-wrote the Offers smart contract. Here’s what he had to say about bug bounties:

“Bug bounties leverage swarm intelligence, which is very, very powerful. But more than that, they foster two-way education, transparency, and respect to our community. There are a lot of eyes on us, so it’s vital we emphasize openness and collaboration, and nothing does that like a bug bounty.”

Leo Zhang
As our Head of Scaling, Leo is grappling with the issues blocking blockchain from mass adoption. Leo has written several books — we’re talking real, physical books — about coding.

Leo also worked directly on the Offers smart contract. So how does he feel about bug bounties? Loves ’em. Here’s why:

“Designing and implementing a secure and performant smart contract involves a lot of thinking. A bug bounty program is a chance not only to share the design behind the contract but also the idea behind it. I’m very appreciative that we received a lot of valuable feedback from the bug bounty participants.”

Chris Scott
As our Head of Technology, Chris spearheads the research and design for projects that involve advanced cryptographic techniques. He is, in a sense, our crypt(o) keeper. He also tells jokes so bad they’re good.

Jordan Schalm
Jordan has lead a team building a cryptocurrency and, when he’s not working with NFTs at Dapper, spends his spare time masterminding an open-source auction system for NFTs on Ethereum.

Bradley McAllister
Brad studies Mechatronics –– Mechatronics! –– at the University of Waterloo. When he’s not helping us put Kitties on the blockchain, he’s hacking together his own dapps in his spare time.

Fabiano Soriani
Fabiano is our Lead Blockchain Engineer. In addition to helping Dieter create ERC-721, he’s the founding developer for the original smart contracts that power CryptoKitties, which, at almost four million transactions, are the world’s most-used contracts. That’s a lot of cats.

Working openly means working together

This team spends every day thinking about the path to decentralization, how to best leverage the blockchain’s capabilities and overcome its challenges. We have our vision of the decentralized future — one where power rests with the majority, not an all-powerful minority; where the rules are fair, transparent, and permanent; and where everyone is free to collaborate and build on the foundations of another — but the map to get there is incomplete.

Along with its benefits, immutability raises immense challenges. We need a way to produce code that isn’t all-or-nothing, because launching something and crossing your fingers that it works is neither iterative nor sustainable.

Nobody gets it right the first time, even with a dedicated community backing them up. No matter how thoroughly you experiment in a test environment, there are real-world variables that are impossible to anticipate. Take, for instance, that time we accidentally melted the world’s supercomputer.

So we’ve thought deeply about how to balance decentralized advancements while maintaining a steady working pace.

The solution, we believe, is progressive decentralization: building mechanisms into our code that automatically ratchet up decentralized principles over time.

What’s Progressive Decentralization?

Full decentralization is our ultimate goal. It’s already changing the world, but it’s crawling, not sprinting.

We believe the best way to accelerate decentralization is not to leap in headfirst, but tackle it in phases:

  • Launch something in as decentralized a format as possible
  • Include protections to safeguard the foundations while allowing the creator breathing room to iterate, improve, and repair the code
  • Build in mechanisms that gradually strip away those special privileges until it reaches a completely decentralized state

The challenge is preserving the sanctity of decentralization while allowing flexibility for adjustments and improvements over a transparent timeline. The greatest value the blockchain offers a consumer is decentralization: when people truly own their digital assets and data, they’re free to do with them whatever they please, and when the rules don’t change, systems are transparent and fair. To get there, we need to work within a centralized framework.

We’ll be delving into this theory much more deeply in the coming days. In the meantime, enjoy CryptoKitties, try out the new Offers feature, and join us on this journey to a decentralized world.

--

--

Dapper Labs
Dapper Labs

Written by Dapper Labs

856 Followers
Editor for

The serious business of fun and games on the blockchain