A Risk-based Approach to Smart Contract Security

Smart Contracts are important cornerstones in the automation of business processes and other interactions. The promise of smart contracts to accelerate processes with automated execution under certain conditions paints an exciting picture of lean and clear business processes. Nevertheless, as all types of software, smart contracts are prone to security vulnerabilities.

MilesGuard takes a risk-based approach to smart contract security, giving business context and execution first row seats in your cybersecurity strategy.

Introduction

Since the first software program, malfunctions and errors have been part of the engineering process. The first bug was discovered in 1947 by Grace Hopper: famously, it was an actual bug trapped in a computer. [1] While for a long time concern about program errors was focused on the smooth operation of computers, security concerns have skyrocketed since the advent of the internet, mainly because of the increasing connectivity of devices.

Smart contracts aim to automate business processes and other interactions through automated execution. As any other piece of software, they are prone to bugs. Viewed through the cybersecurity lens, bugs affecting data can be classified in three categories: confidentiality, integrity and availability. For smart contracts, all three categories are relevant. First of all, a robust, trustworthy smart contract is expected to guarantee the confidentiality of its data. Often smart contracts implement a need-to-know strategy with regard to data. Role-based access control ensures that data is only shared as needed in each transaction. But how can we make sure that the intended concepts are actually implemented in the delivered software product? Security audits aim to address this issue, ideally with review processes involving independent, external third parties.

But not only confidentiality is crucial for trustworthy smart contracts. When it comes to availability of the data and the service, there are often strong requirements as well. There are also concerns on how to handle system downtimes. Finally, the integrity of data needs to be uncompromised during operation of a smart contract. Security vulnerabilities or bugs can affect all these areas and have a large impact on the business value of smart contract companies. Who wants to use a product for contracts that is not trustworthy?

A Challenging Field for Cybersecurity

Players in the smart contract space range from small startups to large companies with a track record in the software industry. However, one critical security vulnerability can instantly destroy the reputation of a software product in the smart contract space, where security is an essential component in the decision-making process of customers. One example of this is the batch overflow vulnerability in an ERC20 smart contract from 2018 (CVE-2018-10299). The vulnerability is based on an implementation error in the batchTransfer function of the contract. Under certain conditions it allows users to make limitless transactions. The core of the vulnerability is a data type overflow error. These types of errors can be hard to detect (and hard to exploit), but they can instantly destroy the reputation and the functionality of the smart contract, and thereby the business model as well.
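As an added illustration (not code from this article, from MilesGuard, or from the affected token contract), the simplified Solidity contract below places the overflow-prone multiplication pattern described above next to a hardened version; the contract, function and variable names are assumed for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal token ledger: only the balance mapping is needed to show the pattern.
contract BatchTransferDemo {
    mapping(address => uint256) public balances;

    constructor() {
        // Constructed sample balance so the functions can be exercised.
        balances[msg.sender] = 1_000_000;
    }

    // VULNERABLE pattern (pre-0.8 semantics reproduced with `unchecked`):
    // cnt * value is computed without overflow protection. If the product wraps
    // around 2**256 the balance check is made against a tiny `amount`, while each
    // receiver is still credited the full `value` in the loop.
    function batchTransferUnsafe(address[] calldata receivers, uint256 value) external returns (bool) {
        uint256 cnt = receivers.length;
        uint256 amount;
        unchecked { amount = cnt * value; }          // wraps silently on overflow
        require(cnt > 0 && cnt <= 20, "bad count");
        require(value > 0 && balances[msg.sender] >= amount, "insufficient");
        balances[msg.sender] -= amount;
        for (uint256 i = 0; i < cnt; i++) {
            balances[receivers[i]] += value;         // credits are not bounded by `amount`
        }
        return true;
    }

    // HARDENED version: Solidity >= 0.8 checked arithmetic reverts on overflow, and the
    // explicit invariant check keeps the function safe even if it is ever placed in an
    // `unchecked` block or back-ported to an older compiler with a SafeMath-style library.
    function batchTransfer(address[] calldata receivers, uint256 value) external returns (bool) {
        uint256 cnt = receivers.length;
        require(cnt > 0 && cnt <= 20, "bad count");
        require(value > 0, "zero value");
        uint256 amount = cnt * value;                 // reverts on overflow in >= 0.8
        require(amount / cnt == value, "overflow");   // invariant: total == count * value
        require(balances[msg.sender] >= amount, "insufficient");
        balances[msg.sender] -= amount;
        for (uint256 i = 0; i < cnt; i++) {
            balances[receivers[i]] += value;
        }
        return true;
    }
}
```

In an audit, the pattern to look for is any product or sum that feeds a balance check without a corresponding overflow guard; in this example the guard is the division-based invariant plus the compiler's checked arithmetic.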

For startups and smaller enterprises, cybersecurity is more challenging than for larger enterprises that already have dedicated cybersecurity teams. Startups need to provide functionality as fast as possible. The focus is on delivering the product, and cybersecurity is necessarily only a secondary concern in most cases. Often it is introduced at a later stage, going against the general recommendation of "shifting left". [2] Nevertheless, the impact of security vulnerabilities on the customer relationship is larger for smaller enterprises and startups. In addition, the costs of introducing a secure software development lifecycle late tend to be much higher than starting with even rudimentary measures early on.

Threat Modelling

The threat modelling technique was first introduced by Microsoft and can be applied to address the security needs of almost any system. It is based on identifying the assets that need to be protected. Those assets and the business risks related to them are specific to each software product and the people working with it. Different people may have different opinions about the risks and their impact. The technique aims to identify assets and related risks. During the process, each risk is evaluated, giving the business context priority in the cybersecurity strategy.

At MilesGuard, threat modelling is an early stage in addressing cybersecurity. Its benefits go beyond the list of threats it produces:

Threat modelling is not only used to identify the assets that actually need to be protected (and how it can be done), but also to talk about details of the software architecture and the development process in general. A 360 degree view on cybersecurity takes all phases of the software development lifecycle into account and aims to establish processes that support developers in shipping secure software. Threat modelling is a great first step towards a successful risk-based, long-term cybersecurity strategy.

Typical first steps for a risk-based smart contract cybersecurity strategy with MilesGuard are:

  1. Initial call (Introduction, Formulation of requirements)
  2. Threat Modelling workshop (1h-4h with all stakeholders)
  3. Delivery of Threat Modelling report (results from the workshop and recommendations for next steps)
  4. Implementation of a cybersecurity strategy based on risks identified

Summary

Cybersecurity for smart contracts is essential. A successful cybersecurity strategy in this context needs to address all components of cybersecurity: confidentiality, integrity and availability. MilesGuard takes a risk-based approach, ideally starting with a threat modelling workshop covering both business assets and software architecture.

Make an appointment today to talk about first steps towards your risk-based smart contract cybersecurity strategy.