bug bounty code

Christian Seberino, an Ethereum Classic and IOHK professor, has proposed a new method of debugging smart contracts. With millions of dollars lost to smart contract flaws each year, designing secure smart contracts is a vital matter. Seberino’s proposal provides an alternative to a common debugging method called formal verification—but will it gain traction in the blockchain world?

Formal Verification, Meet Design Debugging

Formal verification is currently a popular method of debugging smart contracts. This method relies on logical and mathematical testing. However, it also requires developers to define what is correct, a task that becomes more complex as a project grows larger. But despite its inconveniences, formal verification is currently a leading option for bug testers.

Seberino’s alternative is called design debugging, and he says that this method requires “vastly less effort” than formal verification. According to Seberino, design debugging can catch deep and subtle bugs with very little effort, including all of the bugs that formal verification can find. The method is also relatively easy to learn.

Although design debugging has been subject to some criticism, the process is already widely used by big names in the tech industry. Both Amazon and Microsoft are using a related language called TLA+ to discover vulnerabilities in their products and services, meaning that design debugging is already a viable option.

Why Bugs Matter

Ensuring the security of any given smart contract is vital, as a single vulnerability can cost thousands or millions of dollars if it is successfully exploited by a hacker. Ethereum’s DAO is the most famous victim of a smart contract attack, but there have been other major incidents since then. Spankchain and EOSBet, for example, have both fallen victim to sizeable smart contract attacks.

But although smart contract attacks are becoming more common, formal verification is not universal. Only some platforms, such as Tezos and Cardano, have implemented formal verification as a fundamental feature. Meanwhile, projects and groups like Consensys, CertiK, and Quantstamp are providing formal verification as a third-party audit service.

A novel alternative like design debugging certainly has room to grow popular with blockchain projects. However, it is not clear whether the feature will make its way onto the two blockchains that Seberino is affiliated with–Ethereum Classic and Cardano. Only time will tell if the new approach holds broad appeal for the blockchain sector.

Image(s): Shutterstock.com