What went wrong? Part 3 – Kier Finlow-Bates
In Part 3 we look Keir Finlow-Bates examine some failures in the DeFi world, looking at how they happened and how the community has responded. As we continue the journey of blockchain from Part 1: fundamental principles behind blockchain, decentralised ownership and Part 2: focusing on the software industry and quality.
What Went Wrong?
The first one is, “bad password security.” This one’s a Bitcoin one and it goes back to about 2013 or so where someone had the great idea that remembering Bitcoin passwords is very difficult because they are 256-bit numbers. That’s a lot of ones and zeros to memorise. But they noticed that this computer function was used in Bitcoin, something called the SHA-256 hash. It’s a function that takes as its input, any kind of data. It outputs a 256-bit number, and that 256-bit number behaves like a random number.
You can’t predict in advance what it’s going to be but if you put the same data in, you get the same 256-bit number out, and simply it’s irreversible. If someone gives you a 256 number, it’s impossible to come up with some kind of data that you would need to put into this SHA-256 function in order to get that number. They thought this was great. You can take a simple, easy to remember passphrase, put it into the hash function and get a 256 number out.
That is conveniently what a Bitcoin private key is and they call this a brain wallet and it means you can carry your password around in your head. It turns out this is a very bad thing to do because people are not very good at coming up with truly random pass phrases.
So instead of your password being a random number between zero and two to the power of 256, which is huge and therefore can never be guessed. You’ve shrunk the set of possible pass phrases down to something that can actually be searched with a computer. In computing terms, the entropy has been massively reduced.
It becomes very predictable.
What happened was that some people picked really bad pass phrases. For example, one someone picked up is the passphrase, “Bitcoin is awesome” and that got guessed and 500 Bitcoins got drained from their bitcoin address.
“You don’t win friends with salad!”
Another one was the phrase, “you don’t win friends with salad.” That one actually doesn’t have a terrible ending. The account had 157 Bitcoins in it. Only three were taken and they were returned by the person who took them. They just wanted to teach a lesson to the person who used this passphrase. The phrase, “you don’t win friends with salad” actually comes from a Simpsons episode.
So that’s why, although on the surface of it, it sounds really, really random. It’s not random. Someone just had to take the scripts from the Simpsons and run them through a password Cracker, and that allowed them to find the private key and then steal the Bitcoins. We see that this is a similar problem of past bad password security in non-blockchain cases as well.
Hacker Vs Government
The most famous recent one is the solar winds hack where a company that made security software that relied on by Microsoft and the Pentagon and all sorts of government agencies got hacked. It turns out that somebody had created a backdoor password for them to test the system and they’d use the password, “solarwinds123” and the company’s called Solar Winds.
It doesn’t take much password cracking to come up with that one as an independent hacker. That’s an example of a Bitcoin failure-based combat password security.
Ethereum and Smart Contracts
The next ones are to do with Ethereum and smart contracts, and maybe it’s worth having a brief chat about what smart contracts are.
What are smart contracts?
People say that they’re not smart and they’re not contracts. Software developers say they are just small programs or pieces of code that you deploy to a smart contract blockchain such as Ethereum and the nodes then run them as in when circumstances dictated. So, they’re little programs sitting on the blockchain and they can get triggered when people submit transactions to the blockchain that refer to them.
One of the really neat things about smart contract blockchain systems is that they allow computer programs to own digital assets the way that Bitcoin allows human beings to own digital assets. So, you on Ethereum, you as a person can own Ether, which is equivalent to Bitcoin on Ethereum.
At the moment, it has
a market value of about $3,000. But Ether on Ethereum, you can actually transfer that value to a computer program, a smart contract, and then the program will do with those funds as it sees fit according to the code that the developer deployed.
In a sense, that’s quite a revolutionary idea.
It’s as revolutionary as the idea of limited liability companies which in law have standing as entities or people. In the blockchain world, smart contracts can act like human beings and they can own stuff and they can do stuff with the things that they own. The other thing that smart contracts can do is they can instantiate data structures and those data structures can include things like tokens, such as non-fungible tokens, or other kinds of “cryptocurrencies.”
Distributed Autonomous Organisation
So very flexible, very interesting things also open up the door for all sorts of disasters.
The first one to look at is something called the distributed autonomous organisation or ‘DAO’ and it was a set of smart contracts that you could deposit Ether into. It worked like a venture capitalist fund where the people who’d put Ether into it could vote on handing that Ether over to projects that they wanted to fund.
It’s like a VC firm without a CEO or anybody in charge. It’s a democratic funding system. There were a few bugs found that got fixed and then a really big bug showed up. At the point that the really big bug showed up, about 12 million ethers were deposited, which at the time was worth about $150 million.
As you can see, we’re not talking about small amounts of money. The bug is to do with a code audit failure, even though the code had been audited many times. The developers missed the fact that there was a technique that allowed people to withdraw more money than they put in.
The ATM Bug
A good description of this bug is an ATM bug. If you go to a cash machine and you put your card in and you have money in your bank account, the cash machine checks what the balances is and looks at how much you’re asking to withdraw. As long as the amount you’re looking to withdraw is less than the balance of your bank account, it lets you withdraw it.
Now imagine an ATM that only checked your balance once and then allowed you to request again and again to withdraw cash, that would allow you to withdraw more cash than you had in your bank account. Let’s say you have a £100 in the bank account. You put your card in and you start withdrawing £50. It checks once that you had a £100 and says, “yes here’s £50.” Imagine if you could key in, ‘I want to withdraw another 50’ another 50, another 50. It doesn’t go back each time and check that you have a lower balance. It still assumes that you had the original £100 and just keeps feeding out £50 notes.
That’s what happened to the DAO and a hacker managed to drain about 4 million of the Ethers. The result of that was that the community went into a bit of a tailspin. They had some huge discussions and they actually decided to roll back the history of the Ethereum blockchain. Not everybody agreed and it actually split the blockchain in two, but the majority rolled back.
Moving onto the next case, which is the parroting multi-signature wallet fiasco, and this one was a code deployment failure.
The code had been audited. The code was effectively an online smart contract wallet that allowed people to deposit their funds into a wallet account. It could only be withdrawn if multiple people signed it. So, it works a bit like a company bank account where the CEO and the CFO have to sign off on checks.
Companies have these things to stop rogue CEOs from buying Lamborghini’s with company funds. Now the problem with this one was when the code was deployed and ordered. It was all great, but they forgot when they deployed the code and the code had something called an “owner.”
There was an initialisation function when the code was deployed, the first person to run that function got set as the owner of the contract. There were a bunch of functions in the contract that only the owner could run. One of those functions, and this is another thing that they made a mistake on was what was called a ‘kill function’ that stopped the program from ever being able to be run again.
A random person on the internet just went by the hand of the devils online and found that the contract hadn’t been claimed, claimed the ownership and then ran the kill function. That froze all the funds that were in the wallet. Again, we’re talking about hundreds of millions of dollars’ worth of Ether at the time. This time there wasn’t a rollback, and those funds are still locked and there is no way they will ever be retrieved. So that’s the code deployment failure rather than a bug in the code itself.
NFTs A.K.A Non-Fungible Tokens
Now moving onto non-fungible tokens because they’re quite hot at the moment and this one was what we might call an, “interface failure.”
There’s a standard for non-fungible tokens called ERC71. What the standard requires is that your smart contract has the right interface and needs to have a transfer function. It needs to have a minting function. It needs to have a function that gives you permission to allow other people to transfer a token on your behalf and so on.
So as long as you write some code that has the correct looking interface, then to everybody else it will look like a non-fungible token contract. You can list it on some of these sites that allow you to trade non-fungible tokens. The issue here is something that is known as ‘sleep minting’, which is where you write a non-fungible token smart contract that creates one of these NFTs.
But the backend code isn’t what people would expect. You put a back door in that allows a specific address to also transfer the token, not just the token owner. It turns out that the NFT websites don’t have either the skills or possibly the time or possibly both to review every single contract that is deployed on the Ethereum blockchain.
They just put up a disclaimer that says, “we haven’t verified this contract.” If you do want to engage in trading with this, it is up to you to go and check that it is a genuine ERC71 token without a backdoor. This is kind of like having a car with a digital key. When you sell the car, you change the digital key too so that the new owner is the one who owns it. But you keep a secret backdoor key so that you can go along later and use that key to steal the car back again.
The fact is of course that the average person cannot go and audit a smart contract code. Even competent solidity developers, smart contract coders are not going to find this a trivial thing to engage in. Certainly, nobody wants to go and audit a smart contract code every time they go and use a smart contract, just in the same way that nobody wants to read all 27 pages of the terms and conditions click through when they want to use a piece of software.
In practice people just get on with it.
The issue here is that some of these tokens are selling for tens of millions of dollars. Some of these smart contracts are locking up nowadays billions of dollars’ worth of cryptocurrency. Yet we just happily go ahead and most of the time misuse these things.
This is the problem in the non -fungible token marketplaces. It is that you have no real guarantee that the token that you are buying, can’t be secretly removed from your wallet. You would have to order the code. The second problem that we have is that some of the websites misrepresent the information.
If you go and look it up and see, it claims that the token is minted by the first address that it goes to. You can find an article from Keir’s LinkedIn account where he shows that it’s possible to mint a token as though it was made by a famous online NFT artists. When in fact it could have been made by Keir. So, these are the problems we face when these blockchains are presented to ordinary users through interfaces.
You don’t know whether or not you can trust the interface. Again, this is a problem we see in the traditional world of software as well. When you go to a website and you think it’s a genuine website, but somebody has changed the letter in the domain to sort of look like it’s an i,but it’s an i with an accent on it. You think you’re going to Microsoft, but you’re going to “M í CRO SOFT”. You know your web browsing session is being hijacked in a sense.
To sum up.
What can we take away from this?
There are now billions in value locked up in blockchain systems in the form of cryptocurrencies and in the smart contracts. In fact, we’re over a trillion now in terms of what some people call market capitalisation for blockchains and cryptocurrencies. Because it’s decentralised, if your funds are stolen from you, you don’t have anybody to turn to in order to ask for the transaction to be undone.
The systems are so complicated that the average person or even experts can’t really audit the full system. It’s too complicated and sometimes the code isn’t even available for you to go and look at. So really, it’s the Wild West out there and we don’t even have any sheriffs in town yet. That’s kind of the warning, when you’re investing or speculating or trading in the blockchain world, you have to remember that it’s not the tamed regulated world that we have for traditional finance.
It’s not gambling, but there are just extra risks that are involved.
You have to keep that in mind.
If you’re really interested in understanding the nuts and bolts of this, Keir’s book, “Move Over Brokers” covers a whole bunch of these things and is an entertaining and educational read. There are also plenty of articles online as well to go and look up.
Link to book: https://mybook.to/moveover