Transparency and security are key words in cryptocurrency.
The contagion crisis of May and June is a prime example of crypto’s shortcomings in the former area. Firms such as Celsius and Voyager Digital, both of which have filed for bankruptcy, took highly risky bets with customer assets. This is all well and good if customers are aware of the process, but the problem comes when everything is carried out behind closed doors – as this was.
Customers of these firms now find themselves facing lengthy bankruptcy proceedings – which will presumably take years – in order to get some of their assets back, with nothing guaranteed. Had these same customers been able to properly evaluate the risks they were taking, it is likely a portion would not have chosen these platforms to invest with.
Security is another key word. Because so many of us do not possess the immense technical knowledge required to evaluate the intricacies of blockchain technology and assess the security of a dApp, this is an area many have reservations about.
Fantom, the layer-1 blockchain platform, is aiming to increase the security of its business and has an interesting way of doing so. Today it announced the deployment of Watchdog, a smart contract security analyser, which will automatically audit decentralised apps (dApps) launched on the Fantom Mainnet for vulnerabilities.
Despite the necessity of audits, the costs associated with the process are lofty. The companies that offer smart contract audit services charge thousands, with fees rising up to $500K depending on the size and complexity of the code. As a result, an increasing number of projects have had to choose whether to opt for a smart contract audit or to devote financial resources to alternative options.
This is therefore the market Watchdog targets. It aims to provide a tool that continuously monitors smart contracts on the blockchain. Since deploying on Ethereum, Watchdog has saved hundreds of millions of vulnerable funds, and made nine notable public disclosures.
Fantom announcing the Watchdog partnership is an intriguing development and one that caught my eye. I interviewed Fantom CEO Michael Kong – who also came on the CoinJournal podcast recently – to get his thoughts on some questions I had.
CoinJournal (CJ): How important is proper auditing and increased transparency for cryptocurrency as a whole, as it hopes to continue to establish itself on the mainstream financial stage?
Michael Kong (MK): Smart contract security should be the number one priority for any developer. Both should be considered mission critical software, where errors or bugs are not an option. This is because smart contracts can hold millions, or in some cases, billions of dollars worth of crypto, and even a single mistake could lead to funds being lost or stolen. According to ImmuneFi, a smart contract auditing firm, exploits in Decentralized Finance (DeFi) applications exceeded $1.8 billion from January to July 2022. Cryptocurrencies cannot become mainstream until these securities issues are fixed. Fortunately, there are a lot of new developments occurring that should reduce the number of exploits.
CJ: Do you think part of the reason auditing is so expensive at the moment is because the technical knowledge required is so niche and complex?
MK: Yes. Since smart contract security is a difficult field, the number of people with the technical knowledge to properly review a smart contract is limited, while the number of smart contracts to be reviewed continues to grow. This means that audits can often take weeks or even longer to complete, and are a huge development cost.
CJ: Has this move to deploy Watchdog been driven by Fantom users, or is this a decision driven by management?
MK: Both. There has always been a lot of demand for tools that can increase smart contract security by the community, but the foundation also recognises its importance as our background was in developing tools to analyze smart contracts. Watchdog automatically reviews smart contracts, thus potentially reducing the instances of exploits, while also reducing the time and cost of analyzing each individual contract. Watchdog therefore represents another layer of security on the Fantom platform.
CJ: With Watchdog monitoring all contracts with total value locked (TVL) of $10 million or more, will there still be a chance that vulnerabilities could exist for lesser contracts? And would it be worth a bad actor’s time in pursuing this?
MK: It is impossible to prove that a smart contract will never have an exploit. However, Watchdog will play an important role in checking contracts against a wide range of potential exploits. This will include many contracts that don’t necessarily have a TVL of $10 million, and we encourage any project that wishes to use Watchdog to reach out to the Foundation. However, a big focus has been on projects with a high TVL, as these are contracts that have the most to lose.
CJ: A lot of people tar crypto with the image that it is a wild-west industry with a total lack of transparency. Do you believe that those people have a point, or is the industry on track with innovations such as these to minimize such hacks and security issues?
MK: One of the advantages of public blockchains is they are a full audit trail from the first transaction to the most recent. A developer can publicly verify the original source code of their deployed smart contract, meaning that it is fully transparent for anyone to review. Nevertheless, there are still a lot of smart contracts that get exploited, either because individuals fail to do their own due diligence, or because the exploit was complicated and subtle, yet devastating. However, tools such as Watchdog should help developers to create secure smart contracts.
CJ: What would you say to crypto users who have not used Fantom before, but are considering getting involved?
MK: Building on Fantom is very similar to building on Ethereum, yet transactions are confirmed much faster and far cheaper. Whereas a smart contract transaction may cost $50 on Ethereum, the equivalent on Fantom could be $0.50. This is because Fantom has a unique consensus protocol that allows transactions to be confirmed asynchronously (i.e. multiple transactions are confirmed simultaneously) and only one block confirmation is required for finality. Please go to docs.fantom.foundation to get started.