As the use of blockchain becomes more and more prominent, and undoubtedly an integral part of the future, it is important to both acknowledge its advantages and be aware of the challenges it brings with it.
One of the key features of blockchain is modularity - the ability to build complex functionalities using multiple contracts and protocols. While this feature plays an important role in expanding possibilities for blockchain users, it also raises major challenges, such as complexity, exposure to risks, and difficulty in predicting the outcome of a transaction.
The Security Challenge
The practical implication of creating complex functionality in blockchain often means using external modules, such as oracles, bridges, 3rd-party libraries, SDKs, and other protocols. This creates a significant security challenge, since with greater complexity there is an increased risk of interacting with or depending on a vulnerable module. Additionally, the increased complexity impacts understandability, making it difficult to understand all the relevant aspects and implications of a transaction.
Take, for example, Xave Finance exploit, where the attacker was able to transfer ownership of several contracts due to reliance on vulnerable Gnosis DAOModule (Reality module). Another example is the attack on Wintermute, where the admin private key was compromised through the Profanity vulnerability, which was discovered in a library used to generate vanity addresses.
The Dependency Challenge
Most people interacting with digital assets or building in Web3 don't really know what needs to be monitored or where the potential risks might be.
An obvious candidate for monitoring is the contract directly being interacted with, the transaction destination. This monitoring, however, is insufficient, as there are usually multiple other contracts being called and interacted with during the course of transaction execution which needs to be monitored as well.
Additionally, in many cases, there are a lot of different tokens or contracts that might affect the risk exposure, even if they don’t participate in the transaction. For example, when you invest in a liquidity pool, it is important to monitor the governance contract of the pool’s protocol as well.
Another example would be a token used as collateral for another token you are monitoring.
Thus, any system that purports to monitor security and risk exposure must also understand all dependencies in an automated manner.
The Understandability Challenge
Since a complex transaction usually interacts with many other contracts (and even a seemingly simple one if it depends on external factors), another possible challenge that might be encountered is the difficulty of predicting what the outcome of a transaction will be before it is carried out.
Even if you’ve whitelisted the contract you desire to interact with, the full path and the outcome of your transaction might remain unclear because of this complexity.
The Team Finance exploit transaction. Sometimes a single transaction harbors a labyrinth of dependencies.
These challenges raise the clear need for a solution capable of both detecting the full range of risks that threaten the entire chain with all its components, and being able to analyze a transaction before its execution, predict the outcome, and create an alert on potential dangerous actions.
This is where Hypernative comes into play. Our solution is designed to help you use blockchain safely by alerting you (proactively and in real-time) about suspicious activities that might affect you and allowing real-time mitigation and detection of potential vulnerabilities and risks in your own transaction pre-execution.
For more information about the Hypernative platform, please contact us at firstname.lastname@example.org