Transparency and security are keywords in cryptocurrency.
The contagion crisis of May and June is a prime example of the cryptocurrency’s shortcomings in this area. Companies such as Celsius and Voyager Digital, both of which have filed for bankruptcy, have made high-risk bets with customer funds. That’s all well and good when customers know about the process. However, it is problematic when everything happens behind closed doors – as was the case here.
The clients of these companies are now facing lengthy bankruptcy proceedings – which will probably take years – in order to get some of their assets back, with nothing guaranteed. If these customers had been able to correctly assess the risks they were taking, it is likely that a part of them would not have chosen these platforms for investments.
Security is another key word. Especially because so many of us do not have the immense technical knowledge necessary to evaluate the intricacies of blockchain technology and make an assessment of the security of a DApp. This is an area in which many have reservations.
Fantom, the Layer 1 blockchain platform, wants to improve the security of its business and has an interesting method to achieve this. The company today announced the deployment of Watchdog, a smart contract security analyzer that automatically checks decentralized apps (dApps) launched on the Fantom Mainnet for vulnerabilities.
The companies that offer smart contract audits charge thousands of dollars, with fees that can go up to $500,000 depending on the size and complexity of the code. As a result, more and more projects had to decide whether to use a smart contract audit or spend financial resources on alternative options.
This is therefore the market that Watchdog is targeting. It aims to provide a tool that continuously monitors smart contracts on the blockchain. Since deploying on Ethereum, Watchdog has saved hundreds of millions of compromised funds and made 9 notable public disclosures.
The announcement of the Watchdog partnership by Fantom is a fascinating development that I noticed. I interviewed Fantom CEO Michael Kong – who was also a guest on the CoinJournal podcast recently – to get his opinion on some of my questions.
CoinJournal (CJ): How important are proper auditing and more transparency for cryptocurrencies as a whole if you want to establish yourself on the financial stage?
Michael Kong (MK): The security of smart contracts should be a top priority for every developer. Both should be considered business-critical software where bugs or bugs are not an option. This is because smart contracts can contain crypto worth millions or in some cases billions of dollars, and even a single mistake can lead to the loss or theft of funds. According to ImmuneFi, a smart contract audit firm, decentralized finance (DeFi) exploits exceeded $1.8 billion from January to July 2022. Cryptocurrencies cannot prevail as long as these security problems are not resolved. Fortunately, there are many new developments that should reduce the number of exploits.
CJ: Do you think that part of the reason why auditing is so expensive at the moment is because the required technical knowledge is so complex and niche?
MK: Yes. Since the security of smart contracts is a difficult area, the number of people with the technical knowledge to properly verify a smart contract is limited, while the number of smart contracts to be verified continues to increase. This means that audits can often take weeks or even longer and cause enormous development costs.
CJ: Was the use of Watchdog pushed by the Fantom users, or was this a decision of the management?
MK: Both. There has always been a great demand for tools that can increase the security of smart contracts in the community, but the Foundation has also recognized the importance, since our background is in the development of tools for analyzing smart contracts. Watchdog automatically checks smart contracts, which can reduce the number of exploits, while reducing the time and cost of analyzing each individual contract. Watchdog therefore represents another layer of security on the Fantom platform.
CJ: Since Watchdog monitors all contracts with a Total Value Locked (TVL) of $10 million or more, could there still be vulnerabilities in lower contracts? And would it be worth it for a malicious actor to take advantage of this?
MK: It is impossible to prove that a smart contract will never suffer an exploit. However, Watchdog will play an important role in reviewing contracts for a variety of potential exploits. This includes many contracts that do not necessarily have a TVL of $ 10 million, and we encourage every project to contact the foundation. However, the main focus is on projects with a high TVL, as these contracts have a lot to lose.
CJ: Many people believe that the crypto industry is a wild west industry with a total lack of transparency. Do you think these people are right, or is the industry on the right track with innovations like these to minimize such hacks and security issues?
MK: One of the advantages of public blockchains is that they provide a complete audit trail from the first to the last transaction. A developer can publicly verify the original source code of his deployed smart contract, which means that it is completely transparent to everyone and can be verified. Nevertheless, there are still many smart contracts that are being exploited, either because individuals fail to perform their own due diligence, or because the exploitation was complicated and subtle, but still devastating. However, tools like Watchdog should help developers create secure smart contracts.
CJ: What would you say to crypto users who haven’t used Fantom yet but are considering it?
MK: The development on Fantom is very similar to the development on Ethereum, but transactions are confirmed much faster and cheaper. While a smart contract transaction on Ethereum can cost $50, the equivalent on Fantom can be $0.50. This is because Fantom has a unique consensus protocol that allows transactions to be confirmed asynchronously (i.e. multiple transactions are confirmed at the same time) and only one block confirmation is required for finality. Please visit docs.fantom.foundation and get started.