Introduction
Secureum, a portmanteau of Security & Ethereum and pronounced like the latter, is a newsletter on security topics in Ethereum, where I hope to share my observations, learnings and perspectives. There is a lot of ground to cover in this space. I look forward to engaging with and learning from you all.
I could not think of a better topic to start with than setting the broad context of Web3 security landscape and how it compares to Web2. As cliched as it may sound, I see this as a paradigm shift along many frontiers.
Web3 Security
Web3 is a permissionless, trust-minimized and censorship-resistant network for transfer of value and information. The popular approach to realise Web3 is to build it over a foundation of peer-to-peer network of nodes for compute, communication and storage. In the Ethereum ecosystem, this is a combination of the Ethereum blockchain, Waku (previously Whisper) and Swarm respectively. Privacy and anonymity are big motivating factors in Web3.
If Web2 is a catch-all term to refer to the existing Internet infrastructure, then there are parts of Web3 infrastructure that are being built completely from scratch and some others that are reused from Web2. For e.g., Web3 continues to use Web2 networking protocols of IP, TCP and UDP. DNS continues to be used but there are decentralized alternatives being built such as ENS. Byzantine fault-tolerant consensus protocols which were invented in Web2 distributed systems domain have been adapted to Web3 with the addition of mechanism design principles of cryptoeconomic incentives and penalties.
Web2 programming languages such as JavaScript, Go, Rust and Nim are used extensively in Web3. But the entire domain of smart contracts is new and specific to Web3. Languages such as Solidity and Vyper were created exclusively for Web3.
Smart contracts are “on-chain” Web3 components and they interact with “off-chain” components that are very similar to Web2 software. So the major differences in security perspectives between Web3 and Web2 mostly narrow down to security considerations of smart contracts vis-a-vis Web2 software. Besides technology, there also are significant differences when it comes to organizational and operational approaches to security between the two paradigms.
I highlight ten key aspects impacting Web3 security below:
Open-source & Transparent: Given the emphasis on trust-minimization, Web3 software, especially smart contracts, are expected to be open-source by default. The deployed bytecode is also expected to be source code verified (on a service such as Etherscan). Security by obscurity with proprietary code is not part of Web3's ethos.
All interactions with smart contracts are recorded on the blockchain as transactions. This includes the transactions’ senders, data and outcome. Having complete visibility into the entire history of transactions and state transitions is akin to having a publicly accessible audit log of a system since inception. Furthermore, transactions that are still “in flight” and are yet to be confirmed on the blockchain are also publicly visible in pending transaction queues (i.e. mempools) and lend to front-running attacks.
Unstoppable & Immutable: Web3 applications, popularly known as Decentralized Applications (DApps), are expected to be unstoppable and immutable because they run on a decentralized blockchain network. There should not be any one entity that can unilaterally decide to stop a running DApp or make changes to it. Transactions and data on the blockchain are guaranteed to be immutable unless a majority of the network decides otherwise.
Smart contracts, in general, are expected (by users) to not have kill switches controlled by deployers. They are also expected to not be arbitrarily upgradeable. Both these stem from the Web3 goal of trust-minimization, i.e. lack of need to trust potentially malicious DApp developers. However, this makes fixing security vulnerabilities in deployed code and responding to exploits very challenging.
Pseudonymous Teams & DAOs: Perhaps inspired by Bitcoin’s Satoshi Nakamoto, there is a trend among some project teams in Web3 to be pseudonymous and known only by their online handles. One reason for this could be to avoid any potential legal implications in future, given the regulatory uncertainty in this space. This makes it harder to associate any social reputation as it pertains to perceived security trustworthiness of the product or the processes behind its development. It also makes it tricky to hold anyone legally/socially liable or accountable.
“Trust software not wetware” (i.e. people) is the mantra here. While this may be an extreme view, there are still social processes around rollout and governance of projects which affect security posture. To minimise the role and influence of a few privileged individuals in the lifecycle of projects, there is an increasing trend towards governance by token-holding community members — a Decentralized Autonomous Organization (DAO) of pseudonymous token-holding blockchain addresses making voting-based decisions on project treasury spending and protocol changes. While this reduces centralized points of wetware failure, it potentially slows down decision-making on security-critical aspects and may even lead to project forks.
New Architecture, Language & Toolchains: Ethereum has a new virtual machine (EVM) architecture which is a stack-based machine with 256-bit words and associated gas semantics. Solidity language continues to dominate smart contracts without much real competition (except Vyper perhaps). The associated toolchains which include development environments (e.g. Truffle, Brownie, Hardhat), libraries (e.g. OpenZeppelin), security tools (e.g. Slither, MythX, Securify) and wallets (e.g. Metamask) are maturing but still playing catch up to the exponential growth of the space.
Byzantine Threat Model: The Web3 threat model is based on byzantine faults dealing with arbitrary malicious behavior and governed by mechanism design. Given the aspirational absence of trusted intermediaries, everyone and everything is meant to be untrusted by default. Participants in this model include developers, miners/validators, infrastructure providers and users, all of whom could potentially be adversaries. This is a fundamentally different threat model from that of Web2 where there are generalized notions of trusted insiders with authorized access to resources/assets that have to be protected against untrusted outsiders (and malicious insiders). Web3 is the ultimate zero-trust scenario.
Keys & Tokens: While “crypto” may indeed mean cryptocurrencies to some non-technical observers, it factually refers to cryptography which is a fundamental bedrock of Web3. As much as we unknowingly use cryptography in the Web2 world, Web3 is taking it to the masses. Cryptographic keys are first-class members of the Web3 world.
Without the presence of Web2 trusted intermediaries who can otherwise reset passwords or restore accounts/assets from their centralized databases, Web3 ideologically pushes the onus of managing keys (and the assets they control) to end users in their wallets. Loss of private keys (or seed phrases) is irreversible and many assets have been lost to such incidents. This is a significant mindset shift from the Web2 world where passwords have become far too common, security pundits are tired of bemoaning the use of commonly reused simple passwords, password databases continue to be dumped and password-killing technologies continue to evade us. Web2 passwords here symbolize the role of trusted centralized intermediaries that Web3 is seeking to replace.
Web2 security breaches targeting financial assets (i.e. excluding ransomware and botnets for DDoS) typically involve stealing of financial or personal data which is then sold on the dark web and used for monetary gain. This is getting much harder because of various checks and measures (both technical and regulatory) being put in place (at centralized intermediaries) to reduce such cybersecurity incidents and prevent anomalous asset transfers. When such unauthorised asset transfers do happen, the involved intermediaries may even cooperate to reverse such transactions and make good.
The notion of assets in Web3 is fundamentally different. Cryptoassets are borderless digital tokens whose accounting ledger is managed by consensus on the blockchain and ownership is determined by access to corresponding cryptographic keys. If someone gets access to your private keys controlling cryptoassets, they can transfer those assets to blockchain addresses controlled by their keys. In a perfectly decentralized world, no intermediary (e.g. centralized exchange) should exist that can reverse such a loss — transactions are immutable. Because there are limited response options, preventive security measures become more critical in the Web3 space.
Composability by Design: Permissionless innovation and censorship-resistance are core aspirational goals of Web3. There are numerous stories of Web2 companies that initially enticed developers to build on their platforms only to shut them out later when they were perceived as a competitive threat.
Web3 applications, especially smart contracts, are open by design and can be accessed permissionlessly by end users and other smart contracts alike. This composability lends itself to applications that can be layered on top of others like legos, which is great if everything holds up and new lego toys are reliably built on others. However, this unconstrained composability introduces unexpected cross-systemic dependencies that may trigger invalid assumptions across components (likely built by different teams with different constraints in mind) and expose attack surfaces or modes previously unconsidered. This makes characterizing Web3 vulnerabilities and exploit scenarios very challenging without deep knowledge of all interacting components, constraints and configurations.
Compressed Timescales: It feels like innovation in the Web3 space moves at warp speed. Aspects of transparent-development and composability-by-design are strong catalysts to accelerating permissionless and borderless participation which is further incentivized by Internet-native cryptoeconomic tokens — a perfect storm. This shrinks innovation timescales by orders of magnitude where new waves of experiments happen over weeks or months instead of the years it typically takes within the walled gardens of Web2. It may seem like the only moat here is the speed of execution.
This compressed timescale has a tangible impact on security considerations during design, development and deployment. Corners are cut and short cuts taken to ride new waves of hype. The end result is a poorly tested system that holds millions of dollars worth of tokens but is vulnerable to exploits.
Test-in-Prod: While this may be dismissed by some as a meme in the Web3 space, I believe this has a deeper meaning. A combination of compressed timescale, unrestricted composability, byzantine threat model and challenges of replicating full state for predicting failure modes of interacting components built with rapidly evolving experimental software/tools in many ways forces realistic testing to happen only in production, i.e. on the “mainnet”. This implies that complex technical and cryptoeconomic exploits may only be discoverable upon production deployment.
Audit-as-a-Silver-Bullet: Secure Software Development Lifecycle (SSDLC) processes for Web2 products have evolved over several decades to a point where they are expected to meet some minimum requirements of a combination of internal validation, external assessments (e.g. product/process audits, penetration testing) and certifications depending on the value of managed assets, anticipated risk, threat model and the market domain of products (e.g. financial sector has stricter regulatory compliance requirements).
Web3 projects seem to increasingly rely on external audits as a stamp of security approval. This is typically justified by the lack of sufficient in-house security expertise (point [4]) and accelerated time-to-market (point [8]). While the optics of this approach seems to falsely convince speculators, this approach is untenable for several reasons:
Audits currently are very expensive because demand is much greater than supply for top-rated audit teams that have the experience and reputation to analyze complex projects
Audits are typically commissioned once at the end of project development just before production release
Upgrades to projects go unaudited for commercial or logistical reasons
The expectation (from the project team and users) is that audits are a panacea for all vulnerabilities and that the project is “bug-free” after a short audit (typically few weeks)
Summary
Most of the foundational security design principles and development practices from Web2 still apply to Web3. But Web3 security is indeed a paradigm shift along many frontiers.
In this post, I shared my perspectives on how Web3 security is broadly different from that of Web2 across ten key aspects. Some of these considerations are worthy of a separate deep-dive that I may address in future. Also, this is a non-exhaustive list and I’m sure I’ve missed addressing some other facets.
I hope you found this somewhat useful. Thanks for reading and look forward to your comments and feedback.
To expand upon #9, there's someing fundamentally different about code that's "load-bearing" and that which is on a testnet. I've explored MakerDAO code & the mental image of a parachute continuously came to mind.
It's not feasible to do a super safe test of a parachute by jumping off a chair. There wouldn't be enough wind under it for the parachute to assume it's proper load-bearing shape. Similarly, MakerDAO's system expects a certain crititcal mass of value under it's wings to incentivize keepers & arbitragers to stabilize the system.
Testing in prod is here to stay. For certain systems designed to bear load, there's no other way to test them than under load.
Thanks for sharing this intro, I'll be passing it on to my up-and-coming web3 dev friends.