Friday, December 3, 2021

KnowYourCrypto #51: Blockchain security: truth and lies

Hi everyone! Sorry for the little break, but I really needed a break. Apparently this sub doesn't allow me anymore to post the links of my previous posts (idk why, I already contacted the mods). If you need an analysis of the following coins:

  • Algorand (ALGO)
  • Avalanche (AVAX)
  • Axie Infinity (AXS)
  • Basic Attention Token (BAT)
  • Binance Coin (BNB)
  • Binance USD (BUSD)
  • Bitcoin (BTC)
  • Bitcoin Cash (BCH)
  • Cardano (ADA)
  • Chainlink (LINK)
  • Chiliz (CHZ)
  • Cosmos (ATOM)
  • Crypto.com Coin (CRO)
  • Decentraland (MANA)
  • Dogecoin (DOGE)
  • Elrond (EGLD)
  • Enjin Coin (ENJ)
  • Eos (EOS)
  • Ethereum (ETH)
  • Ethereum Classic (ETC)
  • Ergo (ERG)
  • Fantom (FTM)
  • Harmony (ONE)
  • Hedera Hashgraph (HBAR)
  • Helium (HNT)
  • Internet Computer (ICP)
  • Iota (IOTA)
  • Litecoin (LTC)
  • Monero (XMR)
  • MultiVAC (MTV)
  • Nano (NANO)
  • Nervos Network (CKB)
  • Pancake Swap (CAKE)
  • Polkadot (DOT)
  • Polygon (MATIC)
  • Sandbox (SAND)
  • Solana (SOL)
  • Stellar Lumens (XLM)
  • Terra (LUNA)
  • Tether (USDT)
  • Tezos (XTZ)
  • Theta (THETA)
  • Tron (TRX)
  • Uniswap (UNI)
  • USD Coin (USDC)
  • VeChain (VET)
  • Wrapped Bitcoin (WBTC)
  • XRP (XRP)

check out my profile!

What is it?

Security has always been a major premise in favor of blockchain technology. In fact, in a certain sense, security has become the first defensive bulwark of this technology which is now conquering more and more spaces. And it's not for less, Blockchain security is great, but achieving it takes hard work.

"There is no 100% secure computer system"

This is the harsh reality of the computer and the blockchain world, being a computer technology, is not exempt from this rule.

Lie #1: Blockchain techology is not secure

One of the first myths we usually see in the blockchain world is about the inability of blockchain technology. The truth is, this isn't 100% true. Certainly blockchain technology has a high level of security, and even more so if we compare it to any type of industry that relies on centralized technologies, but classifying it as "untouchable" would be a mistake. Bitcoin, the first cryptocurrency in the world has proven us several times that it has mistakes that can be dangerous for everyone. For example, many of its OP_CODES files have been deactivated due to serious security problems, which while not being exploited, have opened the doors to hack that system and damage it a lot. For example, the Netsplit attack in Bitcoin made it possible to knowingly generate double expenses even in transactions with 1 confirmation. This error was known as the Bitcoin-killer, due to the huge security problem of the funds it entailed. However, it was quickly repaired by the community. In this case there are a lot of them, a total of 46 serious bugs reported, and that's just in Bitcoin. There are many blockchain projects that can have more or less errors and all of them are a window to hack them. Then What protects us from the blockchain catastrophe? Simple, the certainty that the community will detect these errors and correct them, as it always has. And in the worst case, in the event that an error occurs that was not detected in advance, the network can always agree to go back to a block where it did not. This in addition to continuous work to develop safety measures that avoid serious problems, and always reliable decentralization, which will allow us to rebuild everything in case of worse. But we can also be sure of something, that a project like Bitcoin (which has accumulated 46 serious errors) is an incredible result, because on the contrary Windows 10 (developed by one of the corporations that dominate the world) in just 4 years accumulated more than 8100 errors.

Lie #2: Every blockchain is decentralized

This is perhaps the worst myth of all, and it's because decentralization is misunderstood (or misused) in blockchain projects. And many projects and companies use the word "Blockchain" to confuse, trying to convey that they are a decentralized network when they are not. For example, Bitcoin is a fairly decentralized network, although many developers believe there is still a long way to go to reach "Safe Zone of Decentralization", that area where Bitcoin users go to their nodes rather than to third parties to carry out their operations. The latter may seem utopian, but it would be the perfect example of absolute decentralization. Bitcoin is still a good example of decentralization. However, if we choose other projects like Ripple, Stellar, Tether, Bitcoin SV, Tron, UNUS, IOTA, Compound, BAT, Theta, ... that decentralization is lost. Yes, these projects are blockchains, some with a great reputation and a very good economic level, but each of them is decentralized like a bank has decentralized. In short, they are projects that use the words "blockchain" AND "decentralization", to mask an almost absolute centralization existing on their systems. And we are not talking about centralization at the development level, but also at the level of nodes, miners and other structures that make it possible to operate. Of course, the security implications at this point are immense. To give an example, there are many who justify that Craig Wright's decision to increase the BSV block size to 2 GB, sooner or later, will have a profound impact on the security and distribution of the nodes of this cryptocurrency, falling into a centralization. constant and tighter, destroying all the security of the blockchain model.

Lie #3: Smart contracts are the definitive programming tool

Smart contracts are seen many times as the greatest advancement achieved thanks to the blockchain, and this view is correct. However, smart contracts are not inherently secure due to running on a blockchain, as many make it seem, on the contrary, a public smart contract is subject to public scrutiny and if there are malicious actors in that audience they can see a vulnerability, they will exploit it for a profit. This is the reality of the DeFi industry today and a reality that has caused a lot of havoc due to the multimillion-dollar robberies that have been carried out through these platforms. The worst thing is that once you upload a smart contract to a platform, deleting it is impossible (if they satisfy that of blockchain immutability), so the error correction process is much more complicated to perform. Meanwhile, the door is open for the hacker and this is an unforgivable security breach. Yes, smart contracts are very powerful, but their security is far from perfect, in fact, we could say that it is still a work in progress, as we can see platforms like Ethereum, where they constantly try to improve their language to allow its development safer from this type of tool.


No comments:

Post a Comment