All the smart contract platforms have only one main aim as of right now, scalability. However, in this race for scalability and speed, one shouldn’t compromise on security. Security happens to be one of the primary, fundamental features of a smart contract platform. Decentralized platforms and applications usually deal with a lot of money. If the contract developers are not careful with the code, attackers can easily exploit vulnerabilities and cause all sorts of chaos. This is the reason why platforms should work extra-hard on maintaining top-grade security. As crypto’s short history has taught us time and time again, careless security can lead to devastating results.
Smart Contracts and Security Problems
Let’s look at some of the smart contract exploits in the two most popular platforms — Ethereum and EOS.
In 2016, a hacker was able to exploit a weakness in the DAO smart contract to steal $50 million worth of Ether. This debacle led to the community getting split into Ethereum and Ethereum Classic.
In 2018, hackers were able to use an EOS DApp smart contract exploit to conduct two attacks on the gambling DApp EOSBet on September 14 and October 15. In the first attack, the casino lost 40,000 EOS and in the second one, 65,000 EOS.
To not compromise on their security, FLETA took a bunch of steps to make sure that an exploit doesn’t happen.
FLETA’s Security Measures
The three security measures that FLETA took are:
- Utilizing observer nodes.
- CertiK verification.
- Utilizing Ledger’s vault service.
#1 Observer Nodes
Observer nodes take part in the Proof-of-Formulation consensus mechanism. The role of these observer nodes is to prevent DDoS attacks and maintain overall network security. Main features are as follows:
- Each Formulator group gets assigned five observer nodes, of which three need to sign off on a generated block for it to be confirmed.
- Formulators connect through the observer nodes, which hides and masks the formulators’ IP addresses to prevent DDoS attacks.
- Real-time information about a formulator’s activities is provided to the observer nodes.
- Node status and structure information is revealed to formulators and other users to increase the overall transparency of the network.
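The three-of-five sign-off rule above, sketched as an added example; this is not FLETA's code. The Ed25519 signature scheme, the `ObserverSig` type and every function name are assumptions made for illustration, and the keys are constructed sample data. The point it shows is that a quorum check must count distinct, assigned observers whose signatures verify over this block's hash, not the number of signatures received.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
)

// ObserverSig is one observer's signature over a block hash (hypothetical type).
type ObserverSig struct {
	Observer int // index into the group's assigned observer keys
	Sig      []byte
}

// Confirmed reports whether at least `need` distinct assigned observers validly signed h.
func Confirmed(assigned []ed25519.PublicKey, h []byte, sigs []ObserverSig, need int) bool {
	valid := make(map[int]bool)
	for _, s := range sigs {
		// Skip signers outside this group's observer set and observers already counted.
		known := s.Observer >= 0 && s.Observer < len(assigned)
		if known && !valid[s.Observer] && ed25519.Verify(assigned[s.Observer], h, s.Sig) {
			valid[s.Observer] = true
		}
	}
	return len(valid) >= need
}

// NewObservers derives n constructed key pairs from fixed seeds (sample data only).
func NewObservers(n int) ([]ed25519.PublicKey, []ed25519.PrivateKey) {
	pubs, privs := make([]ed25519.PublicKey, n), make([]ed25519.PrivateKey, n)
	for i := range privs {
		privs[i] = ed25519.NewKeyFromSeed(bytes.Repeat([]byte{byte(i + 1)}, ed25519.SeedSize))
		pubs[i] = privs[i].Public().(ed25519.PublicKey)
	}
	return pubs, privs
}

// SignAs returns signatures over h from the observers listed in ids.
func SignAs(privs []ed25519.PrivateKey, h []byte, ids ...int) (sigs []ObserverSig) {
	for _, i := range ids {
		sigs = append(sigs, ObserverSig{Observer: i, Sig: ed25519.Sign(privs[i], h)})
	}
	return sigs
}

func main() {
	pubs, privs := NewObservers(5) // five observers per Formulator group
	h := []byte("constructed block hash")
	// First call: three distinct observers. Second call: observer 1 repeated.
	fmt.Println(Confirmed(pubs, h, SignAs(privs, h, 0, 2, 4), 3), Confirmed(pubs, h, SignAs(privs, h, 1, 1, 3), 3))
}
```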
#2 CertiK verification
CertiK is one of the best blockchain and smart contract verification platforms in the world. It was founded by former senior software engineers from Google and Facebook and formal verification experts from Yale and Columbia University. Instead of doing simple auditing, CertiK does formal verification. Formal verification is a process that mathematically shows what a program does and how it behaves. For mission-critical programs like smart contracts, formal verification is an absolute necessity.
CertiK classifies the vulnerabilities they discover among the following categories:
- Critical: The code implementation doesn’t match the specification and vulnerabilities are severe enough to cause loss of funds for the contract owner or users.
- Medium: The code implementation does not match the specification at a specific condition, or it could affect the security standard by loss of access control.
- Low: The code implementation is not a best practice, or uses a suboptimal design pattern, which may lead to a security vulnerability, but no concern has been found yet.
Upon reviewing FLETA’s source code, CertiK concluded that the code has no Critical, Medium, or Low-level vulnerabilities.
#3 Utilizing Ledger’s vault service
FLETA has recently partnered with Ledger, the hardware wallet company, to manage its tokens with enhanced security capabilities through the Ledger Vault service. Ledger Vault is a multi-authorization cryptocurrency wallet management solution that enables financial institutions to safe-keep their funds. The Vault will use Ledger Blue enterprise devices to safeguard private keys and manage the multi-sig process. To summarize, Ledger Vault has the following properties:
- Aimed at asset managers and custodians.
- Allows the creation of custom transaction authentication procedures for each account.
- Utilizes multi-sig, timelock, and rate limiters for added security.
- Utilizes Ledger Blue enterprise devices to secure private keys and manage the multi-sig processes.
FLETA understands the need for security for both their casual users and developers. For a platform to progress and reach new heights, it is crucial for them to maintain the faith and goodwill of the general public. To do so, FLETA has taken all the steps possible to create a fast and highly secure ecosystem.