Smart Contracts Are Protocols
Protocols need to be secure and regularly audited.
Smart contracts are future Internet native protocols.
Protocols need to be highly secure and failure resistant. The Internet building blocks should be free from unintended side effects… as often as possible.
The above statement is even more true, when the Internet natively includes protocols beyond just communication and media. We’re all familiar with the power of communication and media protocols, because we use the applications built with those protocols everyday: Twitter, WhatsApp, etc..
- Communication Protocols (HTTP/TCP/SSL)
- Media Protocols (HLS/Websocket)
What are the security implications of Internet native Value protocols?
- Value Protocols (ETH/BTC/ZEC)
The Value Protocols are coming.
Open Finance a.k.a. Decentralized Finance
A Lesson from the Past — A Major Heartbleed
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
The Heartbleed bug was publicly discovered in 2014.
Heartbleed impacted SSL — an essential Internet native protocol.
OpenSSL [the protocol effected by Heartbleed] is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet.
According to Caswell, 30 OpenSSL contributors made 469 commits to the master branch in 2013, which was the last full year before the disclosure of Heartbleed. In comparison, in 2019, roughly 150 authors made over 1,800 commits.
“This broader community engagement means we really do have many more eyes on the code and a much healthier project,” Caswell said.
In the aftermath of Heartbleed, the OpenSSL Project also started focusing on code quality and introduced a mandatory code review process for all commits, ensuring that every line of code is verified by at least two experienced developers before being accepted.
A shockingly low number of contributors (30) helped maintain the OpenSSL protocol. A very important public goods resource. More important to recognize though is the core maintainers was only comprised of 1–3 people.
It’s a clear message for Smart Contract Protocol Developers.
Start forming communities now. It pays dividends.
An Insight into the Future — Funded Public Goods
The Public Goods debate is settled. The Internet will be secured and managed by a vast assortment of Open Source protocols. We can already recognize and observe a shared infrastructure is the best strategy for assured mutual survival in an evolutionary optimal ecosystem.
The Internet of Today is powered by Open Source Public Goods.
Smart Contract Protocol Meta Strategy
The winning strategy for smart contract protocol development is core teams (3–7) and a large supportive community (100’s) with regular contributions.
Core Team — 3 to 7 People
Secure smart contract protocol will require in-depth knowledge, which is best handled by a core team with a strong incentive to maintain the codebase.
Community Contributors — 10 to 1,000+ People
A large community of contributors incentivized to report bugs, request new features and contribute to code maintenance can ensure a codebase stays adaptive to environment demands, and security issues can identified and fixed.
A Lesson Learned Moving Forward
Secure Internet protocols are critical to global business operations. Unfortunately, what seems to happen is mission critical Open Source Software and essential Public Goods can go underfunded and understaffed.
Tragedy. A tragedy of the commons… and business. Bad capitalism.
Internet native Value Protocols offer an opportunity to properly align incentives between essential Public Goods (like OpenSSL) and the people and contributors that make it possible.
We have the smart contracts (Open Bounties Standard)
We have the developer community (Gitcoin)
We have the platform (Ethereum)
No more avoidable major security bugs, please.
My heart just can’t take it anymore!
💔
