Developer Mindset - Reading Assignment

#1

Time for a Reading Assignment, this time it’s about developer mindset and how it’s different from normal software development. Read this blog post (https://media.consensys.net/the-mindset-of-a-smart-contract-developer-6bcf7b082411) and answer the following questions.

  1. How do banks protect traditional software from serious hacks?
  2. The writer is somewhat against upgradeable contracts, what arguments does he make?
  3. What comparison does the writer make between smart contracts and Lord of the Rings?
1 Like
#2
  1. I don’t know exactly. Audits, penetration testing, scans, keeping it up to date…
  2. “The fundamental underlying nature of the Blockchain is to not be changed.” So don’t do it too much.
  3. They should be like Helm’s Deep: a very narrow and only entryway, easy to defend.
1 Like
#3

How does the writer argue that banks protect traditional software from serious hacks?
Banks are centralised; there are layers of protection: some cards can be cancelled, others are maxed out, plus if a transaction does take place it can be traced and refunded. Whilst smart contracts are one-way and final.

The writer is somewhat against upgradeable contracts, what arguments does he make?
Upgrading contracts could cause problems. Smart contracts are desired not to change fundamentally towards the actual blockchain, or be forwarded to gateways to action the most up-to-date contract.
Basically, simple and boring is better than complex; straightforwardness for maximum security.

What comparison does the writer make between smart contracts and Lord of the Rings?
It only has one official entryway. This is because if enemies want to get in and plunder it, they need to climb up an extremely high wall, or a very narrow entrance. This design was prevalent in medieval times, as it makes it relatively simple for a smaller group of soldiers with spears to keep an entire army at bay by guarding a single opening.

Therefore, as a smart contract becomes more complicated and the complexity increases, so does the number of attack vectors. In conclusion, keep the smart contract simple so it is easier to defend (reference: “Helm’s Deep”).

1 Like
#4
  1. Customers can cancel their cards, and many cards will be maxed out or don’t have balances. The thief cannot spend all the money at once.
  2. The fundamental nature of a blockchain is not to be changed.
  3. Helm’s Deep is a stronghold with only one narrow entrance which is easy to defend. The more entrances it has, the harder it is to defend. Smart contracts should also be simple; more complexity would allow more ways to be attacked.
1 Like
#5
  • How do banks protect traditional software from serious hacks?

Through obscurity: by hiding the details and limiting access to the information.

  1. Balance is known only by card owner on request
  2. Card information can be modified (a client can block his card upon loss, etc.)
  3. The funds and servers are secured “physically” (vaults, men with guns, etc.)
  4. Transactions are monitored and can be arbitrated (so that the money refund happens in case fraud was detected).
  • The writer is somewhat against upgradeable contracts, what arguments does he make?
  1. The immutable contracts are more “fair” and deserve more trust from the users.
  2. The immutable contracts contain less error-prone proxy logic (which might potentially be exploited)
  • What comparison does the writer make between smart contracts and Lord of the Rings?

The contract should have as few things publicly exposed as possible. Similar to the castle design (both real and fantasy ones) which limits the number and amount of entrances.

1 Like
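The “one narrow entrance” and “not to be changed” ideas that the replies above draw from the blog post can be seen in how a contract’s surface is laid out. The Solidity contract below is an added illustration written for this thread; it is not code from the linked post or from any participant, and the contract, its names (NarrowVault, beneficiary, releaseTime, release, deposited) and its time-locked-escrow behaviour are all hypothetical. It has exactly two state-changing entry points, no admin setters and no upgrade path, so the whole set of “gates” a defender must reason about fits on one screen.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical time-locked vault used only to illustrate the
/// "few, narrow entrances" principle discussed in the thread.
/// Nothing here is taken from the linked blog post.
contract NarrowVault {
    // Fixed at deployment and never changeable afterwards: there is no
    // owner setter and no proxy, matching the "not to be changed" stance.
    address public immutable beneficiary;
    uint256 public immutable releaseTime;

    // Internal state is private; the only read path is the view below,
    // so nothing outside the contract can write it directly.
    uint256 private _deposited;

    event Deposited(address indexed from, uint256 amount);
    event Released(address indexed to, uint256 amount);

    constructor(address beneficiary_, uint256 releaseTime_) {
        require(beneficiary_ != address(0), "zero beneficiary");
        require(releaseTime_ > block.timestamp, "release time in past");
        beneficiary = beneficiary_;
        releaseTime = releaseTime_;
    }

    // Entrance 1: accept funds. No parameters and no branching on the
    // caller, so there is very little here to get wrong.
    receive() external payable {
        _deposited += msg.value;
        emit Deposited(msg.sender, msg.value);
    }

    // Entrance 2: the single state-changing function. Checks first, then
    // the state update, then the external call, so a re-entering call
    // finds the balance already zeroed.
    function release() external {
        require(block.timestamp >= releaseTime, "too early");
        uint256 amount = _deposited;
        require(amount > 0, "nothing to release");
        _deposited = 0;
        (bool ok, ) = beneficiary.call{value: amount}("");
        require(ok, "transfer failed");
        emit Released(beneficiary, amount);
    }

    // Read-only view; cannot change state and is safe to expose.
    function deposited() external view returns (uint256) {
        return _deposited;
    }
}
```

Because no fallback function is declared, a call with any other function selector reverts, which is the Solidity equivalent of there being no side door. Every additional external or public function that mutates state, and every upgrade mechanism that lets the code behind an address change, is one more entrance whose checks must be reviewed and defended in the same way.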