Far too many people have been asking me lately: “Doesn’t Ethereum have security problems?” Sure, ok, this is no doubt related to the most recent Parity Multi-Sig bug. At least, that’s what I had been telling myself.
There must be more to it though, because I’m getting this question from people who have never even heard about – devops199 – GASP! Needless to say, having to bring the incident up isn’t helping Ethereum’s case any…
Whoa, did you just see that?! Even Gwei can wander down that road – and it’s a slippery slope indeed. It’s an alluring chain of thoughts – acknowledging a third-party mistake and then holding that against the platform itself.
It’s dangerous – and it is as wrong as it is enticing.
I don’t want what’s in your “crypto hodling bag” to distract you too much from this little exposé. To remain completely, entirely, and utterly neutral – I’m going to use only generic digital assets to understand why people are getting this so wrong. Allow me to introduce: coin B, and coin E.
Don’t worry, later on my argument and choice of variables will seem obvious.
Let’s start with coin B, because – you know – it came first… uh, in the alphabet. This coin operates using a distributed ledger – a blockchain. That blockchain is secured via proof of work (POW). Coin B’s blockchain and POW are considered secure because the coin B network is sufficiently distributed and free of bad actors to prevent chain modification. More importantly: the hashes, protocols, and methodologies employed throughout coin B are all thought to be generally secure by people smarter than Gwei.
Ostensibly, people value this security a great deal because of what it allows them to do with their coin B. Coin B only allows two functional possibilities. Either someone with coin B can: 1) Store coin B on the blockchain without fear that it can be taken by anyone without the private key OR 2) Use coin B to send value from one party to another using this secure distributed network. Coin B owners will tell you as often as you will listen: coin B is secure. Which is shorthand for… secure math, secure network, secure chain.
So, the gist of what they mean when they say coin B is secure is that… it is extremely safe for them to store and send coin B as long as they are in control of their own keys.
If they tell you that coin B is safe and sound on an exchange, they are simply guessing. They cannot be sure that the exchange is safe, because the exchange is not open source. Same holds true for some random unaudited software wallet they find on the internet. To take advantage of coin B’s safety, they have to remain in control of the keys that allow them to control coin B on the blockchain.
Ok, coin E is very much like coin B. In fact, I could almost copy-paste the first paragraph from coin B to coin E. Actually, I think I will…
This coin operates using a distributed ledger – a blockchain. That blockchain is secured via proof of work (POW). Coin E’s blockchain and POW are considered secure because the coin E network is sufficiently distributed and free of bad actors to prevent chain modification. More importantly: the hashes, protocols, and methodologies employed throughout coin E are all thought to be generally secure by people smarter than Gwei.
Coin E lets people do those two things that Coin B is so beloved for:
1) Store coin E on the blockchain without fear that it can be taken by anyone without the private key OR 2) Use coin E to send value from one party to another using this secure distributed network.
BUT it adds: 3) Use coin E to interact with smart contracts on the blockchain.
People aren’t quite convinced that Coin E is secure. This clearly has something to do with the only functional difference between the two coins. Function 3. People are scared of this smart contract capability. They will tell you in hushed voices that smart contracts increase the “attack surface” of coin E. Are they wrong?
wrong misguided. Smart contract interaction is not an obligatory feature of coin E. It is an optional feature. Smart contracts do not go rogue and compromise addresses that have never interacted with them. The smart contracts cannot touch any coin E without being given permission by the respective key holder.
IF – IMPORTANT IF – someone never wanted to interact with a smart contract, then they could erase option three from their mind. Coin B and Coin E could be reduced to functional equivalency by the elimination of the smart contract possibility at the user’s end. Remove the functional difference, then, and coin E would be as secure as coin B.
The flip side is that when a user chooses to interact with smart contracts using coin E – then, and only then – they do increase their personal attack surface.
Smart contracts can be vulnerable because of human errors. These smart contracts are open source. But, if the user is unable or unwilling to audit the code, then they are not trusting only the mathematics and peer-review of their underlying crypto asset. They are placing trust in the third-party contract they are interacting with.
Is it dangerous to have a choice? Does being given an option to assume additional risk translate to “security problems”? Is that what makes coin E, exclusively, less secure? Remember your answer!
Coin B users also have the option of assuming additional risks! Any coin B user may assume the risk of trusting a third party to hold their coins on an exchange or a third-party wallet.
In the end, with any secure digital asset: user-level “attack surfaces” can spawn from a lack of understanding or a lack of due diligence. Just because a user can increase their personal “attack surface” doesn’t make the system on which the crypto asset is built an insecure system! If it did, then coin B would have to be considered insecure, too.
Now, for something else that you probably never saw coming: Coin B was actually Bitcoin, Coin E was really Ethereum.
If an Ethereum user wants to limit their personal attack surface to that of a Bitcoin user, then they are free to treat Ethereum as functionally equivalent to Bitcoin. For a user buying, holding, sending, receiving – all while in control of their own keys – a “security problem” on either chain is highly unlikely.
Why own Ethereum as opposed to Bitcoin then, if a person only cares about the functionality both coins have in common? Ethereum’s network just happens to be much faster and much cheaper for those use cases; some people appreciate that. And, to be sure, some people actually do want to interact with smart contracts despite the risks involved with trusting third parties.
TL;DR Ethereum and Bitcoin have the same “attack surfaces” if used in the same manner. On either chain, trusting third parties can increase that attack surface. Everyone should stop blaming platforms for the way users of those platforms manage their own interactions with third parties.