Since the internet first came into being, security has been a key concern almost every step of the way. From hacks and breaches to identity theft and corruption, staying safe online has been an ongoing battle.
Now, as we enter the age of blockchain and decentralization, things are no different. Threats to blockchain platforms, cryptocurrency exchanges, and smart contracts come from a variety of places and can be devastating if left untreated.
In fact, a number of pretty well-known hacks and breaches recently might lead you to believe that this industry is seriously at risk. It isn’t, but it could also be more secure.
Current security approaches can be a little short-sighted and fail to address a range of different threats. The good news is that we’ve been here before with web applications.
Companies like Checkpoint have been keeping web applications safe for years by monitoring traffic and acting in real time to prevent attacks. If we’re to tighten up blockchain and smart contract security, the solution could lie with something like this, and it’s projects like SafeBlocks that are leading the charge.
First, let’s look at the issues and what’s at stake.
Are smart contracts safe?
Smart contracts, and the decentralized applications that use them, are mostly pretty secure.
While crimes and hacks against blockchain platforms tend to be widely publicized, the technology is very safe and developers take pains to keep it that way. A damaging hack that makes headlines can quite literally destroy a company, so it’s in the interests of everyone to put security front and center.
The main problem with smart contract security is that it can be a little incomplete. Current approaches to the issue focus on things like common vulnerabilities and errors in programming. These are obviously important, but they overlook lots of the issues that tend to pop up when software is actually deployed.
That includes threats from previously unknown vulnerabilities that only become apparent once the dApp is up and running. There’s also the issue of malicious employees, who can use their special access to smart contracts to make a quick buck at the project’s expense.
And how can we overlook the possibility of smart contract keys being stolen by hackers and used to infiltrate the platform? This happened recently with the cryptocurrency exchange Bancor, and cost $13.5 million.
These issues are currently a bit of a blind spot in smart contract and dApp security, because there isn’t much of a framework in place for the deployment and maintenance phase of dApp software.
But as we mentioned already, this is nothing new. Web applications faced the same issue of how to secure and maintain their software after deployment. Their solution? Web application firewalls, like the one by Checkpoint.
These monitor traffic and act quickly to stop threats and keep the application protected in real time, and it works – well. And the same principles can be applied to smart contracts and decentralized apps too.
A WAF for the decentralized world
SafeBlocks’ CEO, Ron Greenbaum, says: “Security is all about control. Either you are in control or you’re not.”
That’s the idea underpinning the SafeBlocks project: that security for smart contracts will come from having control over all the traffic and transactions that take place.
SafeBlock’s platform is in essence a web application firewall for the decentralized world [or DAF]. It monitors transactions and can quickly flag and prevent any unauthorized activity.
Users simply give the software a set of rules [for example, putting a limit on transaction destination addresses, or a maximum withdrawal of tokens a day] and it will work in accordance with these. The program will then validate transactions that take place within these rules.
Plenty of platforms out there offer auditing and review services for smart contracts, ensuring the code is solid and all vulnerabilities are taken care of before deployment. But SafeBlocks is one of the only projects out there that’s looking out for dApps after they’ve been deployed.
It could turn out to be for dApps what Checkpoint’s WAF software was for web applications. It’s certainly sorely needed if the blockchain industry is to promise security to its users.