Every blockchain needs a tool for auditing its smart contracts
At the 3rd Global Blockchain Summit, held in Shanghai and hosted by Wanxiang Blockchain Labs, Gnosis co-founder and CTO Stefan George, Huawei executive Huang Lian Jin, Factom founder and chief architect Paul Snow, and Stellar co-founder Jed McCaleb discussed the security issues of emerging blockchain projects.
In particular, they emphasized the importance of conducting audits with a large community of developers to prevent potential technical problems.
The security, privacy, and scalability issues faced by blockchain are unprecedented because decentralized applications and protocols have never been tested before.
As blockchain projects such as Gnosis, Factom, and Stellar, along with technology conglomerates and financial institutions, begin to integrate the blockchain with existing infrastructures and technologies, they are encountering an increasing number of challenges.
However, with the help of thorough code audits and tests, executives from Gnosis, Factom, and Stellar believe that blockchain technology can become more applicable and flexible in the long term, and will therefore be easier to implement in major industries such as finance, insurance, and healthcare.
By nature, public blockchain networks such as Stellar, Gnosis, and Ethereum are decentralized and distributed. As all smart contracts and operations are conducted in a peer-to-peer protocol, a sophisticated and complex structure is necessary to maximize privacy and security, while maintaining an optimal level of flexibility.
To achieve this, as explained by Stellar co-founder Jed McCaleb, it is crucial that every blockchain network implements a security audit to test smart contracts as well as the compilers.
“Security is a lot about simplicity, and not only on the smart contract level but also on the compiler level”, he stated. “To give an example, our friends at Augur they recently did a security audit of not only their smart contracts but also of the server compiler, and they found out that there were several security issues with the compiler.”
According to Stefan George, the co-founder and CTO of Gnosis, the $78 million Ethereum blockchain-based prediction platform, it is crucial to have a wide range of developers conduct multiple audits. This is to ensure that the code is running efficiently within a secure ecosystem, and therefore to prevent severe security issues.
For the Gnosis platform, George noted that several audits were conducted by many highly regarded blockchain developers within the open source cryptocurrency development community.
“If you want to proper audits, you need to think out of the box because many mistakes are not obvious. Based on our experience, it’s good to do several audits. Different people have to check the code, and they probably shouldn’t be working on the smart contract that they audit — it should be someone else. They should really try to understand what the programmer wanted to do. We did this for Gnosis – we did several audits making sure that it is safe,” said George.
Jed McCaleb emphasized that it is impossible to create or develop a flawless codebase that is immune to all types of attacks and vulnerabilities. McCaleb stated that code must be written in a way that recovery from potential security issues and complications can be made seamlessly. He explained that bugs exist in all types of software; therefore, for the security of users, it is important to ensure the recovery process causes minimal interference.
“You have to recognize that software always has bugs and, essentially, code is the enemy. You have to prepare for those eventualities when something does go wrong and make sure that the recovery from problems is as unpainful as possible; and do a lot of things to prevent total catastrophe, where it’s stuff that maybe you can roll back from or only hurts a small subset of users because things are ultimately going to go wrong, there are bugs in all software,” said McCaleb.
In response to McCaleb’s remarks, Gnosis co-founder George noted that it is essential that blockchain networks and platforms operate a codebase which prioritizes simplicity. The simplicity of smart contracts and compilers is vital for developers in uncovering bugs and vulnerabilities, as well as in developing solutions to eliminate them promptly.
Security and scalability related issues have long been considered the major hurdles for blockchain development, especially for permissioned or centralized ledgers that are increasingly vulnerable to external threats, hacking attacks, and security breaches.
As Ethereum co-founder Vitalik Buterin previously explained, the achievement of sufficient scalability to power decentralized applications with millions of active users will take anywhere from two to five years. However, once these issues are resolved, blockchain platforms like Ethereum, Gnosis, Stellar, and Factom will be able to achieve commercial success.
Nonetheless, Paul Snow, the co-founder and chief architect at Factom blockchain network, has expressed his optimism toward the applicability of blockchains, especially in areas outside of finance.
Snow revealed that Factom, a blockchain network that is worth $130 million and counts investor Tim Draper as a supporter, has secured a contract with the Bill and Melinda Gates Foundation. Their role will be to process, secure, store and track medical records for people in developing countries.
This post was written by Joseph Young for Binary District, an international collaborative technology community which creates unique competency-based workshops and events on new technologies.
CEO of Mt. Gox doesn’t want the leftover billion dollars worth of BTC
Four years ago Mark Karpeles became one of the most controversial figures in the fledgling cryptocurrency space after his exchange, Mt. Gox, abruptly went down along with 850,000 Bitcoin. Now the controversial Mt. Gox CEO is back to apologize for his mistakes.
In a Reddit AMA session, Karpeles took a moment to address some of the criticism aimed at him and the way he handled the Mt. Gox bankruptcy. Here are some of the more interesting things he had to say:
Launched in 2010 in Tokyo, Japan, Mt. Gox was one of the earliest and largest Bitcoin exchanges in the world. By 2014, Mt. Gox was handling 70 percent of all Bitcoin transactions worldwide, when it filed for civil rehabilitation followed by bankruptcy less than two months later, because a large amount of BTC was found to be missing.
Karpeles came under severe criticism after it became clear he would end up earning a huge fortune from the bankruptcy. Japanese bankruptcy law mandates that creditors’ claims are registered at their Japanese yen valuation on the date of bankruptcy and not in the asset (BTC in this case). With the surge in the price of BTC from 2014 to now, even if all the creditors are paid in full, there will still be over 160,000 BTC left in the Mt. Gox estate, which will be distributed to the shareholders as part of the liquidation.
However, Karpeles says he doesn’t want any of it,
In March, it was reported that Mt. Gox sold more than $400 million worth of its BTC; many crypto-enthusiasts then went on to blame this move for the recent drop in price Bitcoin has been experiencing.
Here’s how NEO plans to top Ethereum and Bitcoin
When it was first conceived in 2009, Bitcoin’s creators probably did not have an inkling of how this nascent technology would potentially change the world. Back then, it was meant as a fully decentralized cryptocurrency that would not be under the authority of any government or regulatory body.
Blockchain technology has since advanced by leaps and bounds, and you may already be familiar with the multitude of blockchains that address different sectors and industries, from finance to legal, to real estate, and beyond. Blockchains have also evolved from simply offering financial transactions to also supporting smart contracts, which is the main feature of technologies like Ethereum.
In short, Ethereum is a blockchain technology that offers additional benefits over simply being a cryptocurrency like Bitcoin. It gives developers the ability to build smart contracts that are publicly auditable and self-executing once certain conditions are met.
Here’s a real world scenario, where a bank can use smart contracts in trading derivatives:
– If X account has $Y balance
– and if date is January 1st, 2018
– then transfer 10X to Z account
– if not don’t do anything
You might be interested to know that public blockchains now have a total market capitalization of over $135 billion, and this excludes the multitude of private blockchain deployments!
Since last year, we have also seen the emergence of new asset classes that are blockchain-powered, exchange-traded fund tokens, and precious-metal backed tokens and derivatives, among others. In short, there’s no limit to what blockchain technologies can support.
If you’re still wondering about the potential of blockchains in dollar terms, the World Economic Forum predicts that 10 percent of the world’s GDP will be stored with blockchain tech in 10 years’ time — representing a $7.8 trillion value in today’s prices.
That’s pretty exciting stuff, I have to say. Step into the future.
Challenges faced by blockchain technologies
There are still challenges that need to be overcome by startups, regulatory sectors, and users. For one, there are the technical limitations that can potentially hinder us from maximizing blockchains.
For instance, while you might think that the current proof-of-work (POW) consensus mechanism used by Bitcoin and Ethereum is a benefit, it actually comes with a cost. There is an issue with the lack of finality.
Bitcoin transactions are final, you say? Not really. The protocol favors availability over finality — this means forks and lone blocks are a possibility, and we have previously observed how Bitcoin projects tend to “fork” whenever there are serious security concerns or when developers have disagreements regarding the standard.
POW is also very energy-intensive, which means nodes spend a lot of money on electrical bills.
Also, blockchains like Ethereum require that developers build smart contracts using their own programming language, particularly Solidity.
Ethereum also has other disadvantages, to wit:
Real-world verification: It does not support digital identity;
Speed: It can currently do only 15 transactions per second.
Blockchains are the future, right?
You will be glad to know that blockchains are evolving. In a bid to address these limitations and also evolve the nature of blockchain technology, NEO, which is China’s first original blockchain project, announced the launch of its NEO Smart Contract System 2.0 earlier this month. This also comes along with a re-branding effort from its former identity as Antshares.
Evolving the blockchain with digital identity
The aim is to ultimately support and build a smart economy backed by blockchain technology. While a good number of fintech companies are capitalizing on smart contracts through the Ethereum blockchain, Da Hongfei, co-founder and CEO of NEO, says its technology shows better promise in terms of high certainty, high scalability, and better compatibility across applications.
I had a conversation with Hongfei to discuss the three areas where NEO is addressing the limitations of other blockchain tech:
Support for programming languages
NEO supports faster development and deployment of smart contracts and projects, as it enables developers to build in programming languages they are already familiar with. “We provide various advanced languages in the form of compiler,” says Da Hongfei. “Besides .Net and Java, we will support Python and Go in the future which can cover more than 90 percent of developers. Compared with Ethereum, development has more smooth learning curve and shorter learning circle, allowing for fast introduction of projects on NEO.”
Digital identity and integration with the “real” economy
Developers of Bitcoin and Ethereum have highlighted anonymity as one of their platforms’ main features. However, this comes with an inherent disadvantage, which is the integrity of transactions. NEO addresses this by adding digital identity to its capabilities.
With its origins in China, observers believe that this particular feature is beneficial in wider adoption of the technology in the country. Moreover, NEO is said to have the support of regulatory agencies and the business community in general. Beyond China, the main potential is in how NEO can better integrate with real-world applications, particularly those that require confirmation of identity, such as smart contracts.
“NEO aims to integrate itself better with the real economy. Only with the introduction of digital identity can we map offchain assets in a compliant manner,” says Da Hongfei.
Better efficiency and reliability
The numerous security issues that have plagued Bitcoin and Ethereum have led to multiple forks in their blockchain systems, which also necessitated other workarounds to de-bloat the blockchain and fend off DDoS and spam attacks. In addition, the proof-of-work consensus algorithm is very energy-intensive, which is a limiting factor for startups that deal with Ethereum-based smart contracts.
In contrast, NEO uses a delegated Byzantine Fault Tolerance (dBFT) consensus mechanism, which ensures finality of transactions and which supports more transactions at any given time.
“dBFT ensures finality, with availability compromised,” says Da Hongfei, describing the comparison. However, he says that for purposes of smart contracts, finality is more essential than availability.
“POW has strong availability, but it also has a big disadvantage, because it cannot ensure finality. Forks and lone blocks will occur easily. dBFT ensures finality, which means that once a transaction is confirmed by a block, it is confirmed permanently without being rolled back or revoked. In our point of view, finality is far more important than availability in an important financial system. And in practice, dBFT has been running for more than one year without serious network crash.”
In addition, compared to Ethereum’s 15 transactions per second, NEO supports up to 10,000 transactions per second and is very energy-efficient compared with Ethereum.
What is the future for blockchain tech?
NEO is positioning itself (alongside Ethereum) at the forefront of blockchain tech with its innate support for digital identity-backed smart contracts, ability to communicate with other blockchains through a cross-chain protocol, quantum-resistant cryptography, distributed storage protocol and secure communication protocol. The aim is to build a globalized smart economy, wherein the trust factor between participants is enhanced through digital identity.
Still, Da Hongfei argues that a lot can still happen in blockchain tech, which is particularly exciting for both developers and users who can all stand to gain from the benefits. “Blockchain is still a quickly developing frontier,” he says, adding that NEO will continue to work closely with “developers, our community and even the institutions with whom we work.”