Smart Contract Security

As ether drains from The DAO, it is time to consider the architecture of a smart contract blockchain platform appropriate for commercial deployment. Despite extensive security reviews and scrutiny of the source code by countless developers, including the creators of both Ethereum and Solidity, it is still not possible to write a bug-free Solidity contract of only a few hundred lines. The predictable outcome is a staggering public heist of $50 million and counting.

The original vision of Ethereum is undeniably brilliant. It extended the robust design of Bitcoin’s blockchain with a stateful, Turing-complete programming language, allowing developers to build arbitrary distributed applications. But therein lies the problem: software is naturally buggy. Building high-quality software takes great attention to detail, disciplined methodologies, carefully defined programming languages and a suite of mature development tools. To its credit, the Ethereum community has now recognized the urgency of developing better languages and tools for writing smart contracts. But as currently designed, the Ethereum platform is not suitable for commercial blockchain applications.

The Symbiont Smart Contract system supports a more advanced suite of languages and tools for contract development. We recognize that software is flawed and provide defense-in-depth for inevitable security flaws. We are already implementing many of the tools and techniques that Ethereum is eager to research. As a private blockchain for commercial applications, we also support arbitration between parties through normal legal and regulatory channels. Our smart contract system can automate and improve existing business processes, but it will always operate in the context of existing legal and regulatory frameworks.

Because Ethereum has no mechanism for dealing with security flaws in deployed contracts, its community is considering the controversial step of altering a ledger that was designed to be immutable. While this may resolve The DAO disaster, everyone agrees it is not the way to handle future security breaches. It is likely that the core architecture of Ethereum must be reconsidered to put security above all other considerations. Though Ethereum deserves credit for making smart contracts a reality, only Symbiont’s smart contract system is built from the ground up to support the critical security needs of business applications.