ECIP 1052: Smart-contract Security Auditing core Source

AuthorDexaran, [email protected]
StatusDraft
TypeMeta
Created2018-12-31

Abstract

The following describes a smart-contract development security enhancement method, its implementation and the underlying funding mechanism as well as a possible unique feature and use case of Ethereum CLassic project.

Motivation

Smart-contract development security is critical for the whole crypto industry and for Ethereum Classic in particular. We know the precedents of large contract hacks, which led to the loss of large amounts of funds as well as undermining confidence in the industry as a whole. For example TheDAO hack, Parity Multisig hack 1, Parity Multisig hack 2, ERC20 vulnerability led to the loss of millions of dollars.

As an information security engineer, I can say that formal verification, better coding standards, new programming languages, and other automated tools cannot significantly improve the fault-tolerance of smart contract systems.

On the other hand, the smart contracting industry still needs security improvements and decentralized, immutable, chain-agnostic environment which will ensure and preserve contract development/auditing history. I propose to establish a team of professional security auditors that will work to enhance the security of smart-contracts (for ETC or for the whole industry).

Advantages:

  • ETC is definitely a proper immutable, decentralized, chain-agnostic environment which can serve the above goal.
  • ETC benefits from smart-contract security enhancement too, as ETC is a smart-contract development platform.
  • The total value of the entire cryptoindustry rises, which is also benefitial for ETC.
  • Unique use case for Ethereum CLassic blockchain, which can increase the network effect and boost the growth of the project and ecosystem.

Specification

We must not rely on blockchain technology to verify smart-contracts. We can only use it to provide a registry of audited contracts, publish and manage results of smart-contract audits.

Security auditing team

alt text

The detailed description of Security Auditing organization can be found here: https://github.com/EthereumCommonwealth/Auditing

There are two types of participants in the described organization: managers and auditors.

The main task of a manager is to control and verify the work of the auditors.

The main task of an auditor is to review a code of smart-contracts and submit reports. Auditors receive karma for reviewing contracts. They also receive penalties for making mistakes. The statistic reflects each auditors results and determines their reward.

The audit process will be managed through github so that it will be transparently available for everyone. A smart-contract developer should open an issue to submit his smart-contract for auditors review. Then the manager will verify security audit request details and mark the issue as approved. The manager should not mark dummy requests, requests that aim to spam the security audit queue or any requests that does not met coding standard requirements. After that, every auditor can start reviewing the code.

An auditor with a willingness to participate in the code review of a certain contract must create a private gist and send gist URL to the corresponding issue manager by email. E-mail address of each manager or auditor is transparently available at the smart-contract of this organization.

Security Auditing organization governance.

Currently, the security auditing organization relies on Treasury proposal and rights delegation mechanism.

  1. Treasury voters owners establish the payment schedule for security auditing department, thus delegate the governance rights to the security auditing manager.

  2. Security auditing manager distributes the received payment between the auditing team members.

  3. If Treasury voters are not satisfied by the workflow of security department then they must fire the security auditing manager.

It is planned to automate the security auditing team workflow with a SecurityDAO smart-contract in 2019 however the contract is still in development. Security DAO smart-contract is not a critically important detail of this proposal.

Outcome

As the result of the functioning system we receive a well-defined process of smart-contract security auditing. Each smart-contract is reviewed by at least 3 professional security auditors. Security audits are completely free-of-charge for smart-contract developers, thus every smart-contract developer is capable of ordering a security audit before deploying his/her smart-contract.

  • Security Auditing organization structure has a working implementation in Callisto Network.

  • 113 succesful security audits were performed during 2018.

  • According to Callisto Network statistics for 2018, this costs the ecosystem approx. $4000/month. I think that this is a reasonable price which should be paid to prevent such accidents as TheDAO hack and other hacks which caused much more losses.

Requirements

This requires Treasury Proposal implementation.