Developer Mindset - Reading Assignment

Time for a Reading Assignment, this time it’s about developer mindset and how it’s different from normal software development. Read this blog post (https://media.consensys.net/the-mindset-of-a-smart-contract-developer-6bcf7b082411) and answer the following questions.

  1. How do banks protect traditional software from serious hacks?
  2. The writer is somewhat against upgradeable contracts, what arguments does he make?
  3. What comparison does the writer make between smart contracts and Lord of the Rings?
1 Like
  1. I don’t know exactly. Audits, penetration testing, scans, keeping it up to date…
  2. “The fundamental underlying nature of the Blockchain is to not be changed.” So don’t do it too much.
  3. They should be like Helm’s Deep, with a single, very narrow entryway that is easy to defend.
1 Like

How does the writer argue that banks protect traditional software from serious hacks?
Banks are centralised; there are layers of protection: some cards can be cancelled, others are maxed out, and if a transaction does take place it can be traced and refunded. Smart contracts, by contrast, are one-way and final.

The writer is somewhat against upgradeable contracts, what arguments does he make?
Upgrading contracts could cause problems. Smart contracts are intended not to change fundamentally, in keeping with the actual blockchain, rather than being forwarded to gateways that action the most up-to-date contract.
Basically, simple and boring is better than complex; straightforwardness gives maximum security.

What comparison does the writer make between smart contracts and Lord of the Rings?
It only has one official entryway. This is because if enemies want to get in and plunder it, they need to climb up an extremely high wall, or a very narrow entrance. This design was prevalent in medieval times, as it makes it relatively simple for a smaller group of soldiers with spears to keep an entire army at bay by guarding a single opening.

Therefore, the more complicated a smart contract becomes, the more attack vectors it has. In conclusion, keep the smart contract simple so it is easier to defend (reference: “Helm’s Deep”).

1 Like
  1. Customers can cancel their cards, and many cards will be maxed out or have no balance. The thief cannot spend all the money at once.
  2. The fundamental nature of a blockchain is not to be changed.
  3. Helm’s Deep is a stronghold with only one narrow entrance, which is easy to defend. The more entrances it has, the harder it is to defend. Smart contracts should also be simple; more complexity would allow more ways to be attacked.
1 Like
  • How do banks protect traditional software from serious hacks?

Through obscurity - by hiding the details and limiting the access to the information.

  1. Balance is known only by card owner on request
  2. Card information can be modified (a client can block his card upon loss, etc.)
  3. The funds and servers are secured “physically” (vaults, men with guns, etc)
  4. Transactions are monitored and can be arbitrated (so that the money refund happens in case fraud was detected).
  • The writer is somewhat against upgradeable contracts, what arguments does he make?
  1. The immutable contracts are more “fair” and deserve more trust from the users.
  2. Immutable contracts contain less of the error-prone proxy logic (which might potentially be exploited).
  • What comparison does the writer make between smart contracts and Lord of the Rings?

The contract should have as few things publicly exposed as possible. Similar to the castle design (both real and fantasy ones) which limits the number and amount of entrances.

1 Like
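The two points made in the post above, that immutable contracts carry no proxy logic and that a contract should expose as few entrances as possible, can be seen side by side in Solidity. The code below is an added illustration, not code from the blog post or from any poster in this thread. SimpleVault is the “Helm’s Deep” shape: a handful of external entry points and no upgrade path. UpgradeableProxy is a hand-rolled proxy written here for illustration (an assumption; it is not the OpenZeppelin or any audited implementation) that adds a privileged upgradeTo() entry point and a delegatecall hop, which is exactly the extra surface the post is wary of.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not code from the blog post or any forum poster.
// SimpleVault: immutable, three external entry points, no upgrade path.
// Only deposit() and withdraw() can change `balances`.
contract SimpleVault {
    mapping(address => uint256) private balances;

    event Deposited(address indexed from, uint256 amount);
    event Withdrawn(address indexed to, uint256 amount);

    // Entry point 1: accept funds for the caller only.
    function deposit() external payable {
        require(msg.value > 0, "nothing to deposit");
        balances[msg.sender] += msg.value;
        emit Deposited(msg.sender, msg.value);
    }

    // Entry point 2: pay the caller back. State is updated before the
    // external call (checks-effects-interactions), so a re-entrant call
    // already sees the reduced balance.
    function withdraw(uint256 amount) external {
        uint256 bal = balances[msg.sender];
        require(amount > 0 && amount <= bal, "insufficient balance");
        balances[msg.sender] = bal - amount;
        emit Withdrawn(msg.sender, amount);
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }

    // Entry point 3: read-only, cannot change state.
    function balanceOf(address who) external view returns (uint256) {
        return balances[who];
    }
}

// UpgradeableProxy (assumption: hand-rolled for illustration, not an audited
// implementation). It adds a privileged entry point, upgradeTo(), and routes
// every other call via delegatecall to whatever address the admin set, so
// users' funds now depend on the admin key and on every future implementation
// keeping a compatible storage layout.
contract UpgradeableProxy {
    // EIP-1967 slots (keccak256("eip1967.proxy.implementation") - 1 and
    // keccak256("eip1967.proxy.admin") - 1). Fixed pseudo-random slots keep
    // the proxy's own state away from slots 0, 1, ... used by the
    // implementation's variables (e.g. SimpleVault.balances).
    bytes32 private constant IMPL_SLOT =
        0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
    bytes32 private constant ADMIN_SLOT =
        0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103;

    event Upgraded(address indexed implementation);

    constructor(address initialImplementation) {
        require(initialImplementation.code.length > 0, "not a contract");
        _store(ADMIN_SLOT, msg.sender);
        _store(IMPL_SLOT, initialImplementation);
        emit Upgraded(initialImplementation);
    }

    // The privileged entry point that SimpleVault does not have.
    function upgradeTo(address newImplementation) external {
        require(msg.sender == _load(ADMIN_SLOT), "not admin");
        require(newImplementation.code.length > 0, "not a contract");
        _store(IMPL_SLOT, newImplementation);
        emit Upgraded(newImplementation);
    }

    function _load(bytes32 slot) private view returns (address value) {
        assembly { value := sload(slot) }
    }

    function _store(bytes32 slot, address value) private {
        assembly { sstore(slot, value) }
    }

    // Every other call runs the implementation's code against the proxy's
    // storage, with the original msg.sender and msg.value preserved.
    function _delegate() private {
        address impl = _load(IMPL_SLOT);
        assembly {
            calldatacopy(0, 0, calldatasize())
            let ok := delegatecall(gas(), impl, 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            switch ok
            case 0 { revert(0, returndatasize()) }
            default { return(0, returndatasize()) }
        }
    }

    fallback() external payable { _delegate(); }
    receive() external payable { _delegate(); }
}
```

Deploy SimpleVault, then deploy UpgradeableProxy with the vault's address, and users call deposit() and withdraw() on the proxy address. The defensive point is what reviewing each contract requires: for SimpleVault, reading three functions; for the proxy, additionally the custody of the admin key, the storage-slot discipline of every future implementation, and the assembly forwarding path. None of that surface exists in the immutable version.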
  1. How do banks protect traditional software from serious hacks?

The lifecycle for development of such applications includes methods to make sure the software doesn’t contain bugs and to reduce the open attack vectors on the system. Basically, traditional software is also protected from hacks on a bigger scale because of factors like: the attacker doesn’t know the exact amount held on the card that was stolen (this makes it very hard for him to steal all the money from the card, because of the many tries he needs to make to withdraw the complete amount of cash); transactions can be reverted and stolen money returned (insurance from insurance companies); and the attacker doesn’t know which stolen cards actually have any money on them (making it hard to retrieve money from a big number of stolen cards, as he must make many retries).

  1. The writer is somewhat against upgradeable contracts, what arguments does he make?

Upgrading contracts many times introduces errors in new code and opens new attack vectors.

  1. What comparison does the writer make between smart contracts and Lord of the Rings?

The comparison is to create contracts like the stronghold Helm’s Deep from the movie.
There should be very few or just one entrance, which can be safely guarded.

1 Like
  1. How does the writer argue that banks protect traditional software from serious hacks?
    Expire the credit card, empty the bank account or even retrace and cancel the transaction.
  2. The writer is somewhat against upgradeable contracts, what arguments does he make?
    Upgrades will lead to more problems.
  3. What comparison does the writer make between smart contracts and Lord of the Rings?
    There is only one way to approach the final destination in “The Lord of the Rings”, and the way is narrow and hard to go through.
    A simple and straightforward contract with fewer lines of code will be safer because there will be fewer bugs.
1 Like
  1. Banks respond by having IT processes plus operational processes in place to prevent or minimize the effects of a hacking event: processes such as blocking a card, monitoring for suspicious activities, card limits, and card limits per transaction. Also, the attack is on a card-by-card basis, so far more “limited” than, say, a crypto attack.
  2. That upgradeable contracts, while very important, can lead to inconsistencies creeping in over time, unlike a more boring or mundane contract.
  3. That having a contract with one entry point that is closely guarded is the key point, unlike having many entrances to such a castle/contract.
1 Like

How does the writer argue that banks protect traditional software from serious hacks?
With insurance policies and reimbursing lost funds.

The writer is somewhat against upgradeable contracts, what arguments does he make?
The blockchain is meant to be unchanged and contracts which are changed often will cause suspicion and loss of trust.

What comparison does the writer make between smart contracts and Lord of the Rings?
Smart contracts should be built like Helm’s Deep with only a single heavily guarded entry way.

1 Like