4 min read

Unexploded Ordnance in Crypto

We *also* need to talk about the hidden risks in crypto.
Unexploded Ordnance in Crypto

I’m strongly optimistic about crypto, and think crypto is the substrate that’s most likely to help humanity innovate out of the multiple existential crises ahead of us.

That said, there’s a whole lot of landmines lurking in crypto, and they seem under discussed (if folks are aware of them at all). I think crypto networks will contain damage (blast radius) and learn and heal faster than their predecessors because they are living and antifragile.  

But, some risks are clear even from where we stand today, and we all advance faster if we can figure them out quickly. There're certainly large opportunities for new companies and protocols to address many of these risks.

Here're some of the hidden risks I wonder about.

Recursion (markets with infinite derivatives)

A friend: “So, all those folks who take out USD loans, overcollateralised with Bitcoin... what do they do with the dollars?”

Me: “Well... in theory, they buy a house or a car. In practice... they buy more bitcoin, and then another overcollateralised USD loan with that bitcoin... and - potentially - again, and again and ...”

Friend: “Shit. Like a giant, recursive, pile of shit?”

Me: “With a bomb inside.”

Another, less graphic, way to think about this: The root of much financial instability (or malfeasance) can be traced to “derivatives”. In crypto land, anyone can make a smart contract that references another smart contract, and hey presto, a derivative is born. That means there’s an infinite number of “derivatives” that can be imagined for any particular “underlying”.

So… fingers crossed.

Forking bugs (the dark side of composability)

Recently there was a bug in a core Solana library. It was discovered before it was exploited, and fixed. A number of other projects had “forked” (used the code in their own projects) the code. Some of the projects were known, and they were notified. But there’s no way to know for sure where else that code might be used. Because there’s no way to know if anyone else happens to have copy-and-pasted-that-particular-piece-of-code into some other project.

At scale, much of the promise of crypto-networks is the composability of code. That sounds elegant, and it might be if composability only happened via API calls. That isn’t the only option, though, and often enough “composability” is achieved by copy and pasting. How many land mines will we discover like this? Maybe not many. Hopefully not many.

Private and opaque crypto (zk SNARKs)

There are a lot of tremendously powerful benefits to technologies like zk SNARKS, and they’re an area we believe deserves active research. Philosophically, I believe privacy is a human right and I’m all for the privacy that things like SNARKS provide.

Here, however, we’re looking for bombs, so let’s talk about zCash, a privacy preserving chain that allows for entirely private transactions. Long story short: a core developer discovered a hack that would have allowed them to mint an infinite number of tokens, without leaving a trace.

To perform this hack, an attacker would need certain publicly-downloadable files. As the story goes, the developer and company quickly removed from the files from the internet, made appropriate changes to the blockchain, and alerted the community when the network had been secured.

I don’t disbelieve this story. But I wonder, if all developers, sitting alone in their offices (basements?), were to come across a bug that would let them give themselves infinite, untraceable money would be quite so honest. The very nature of an anonymous blockchain means that we can never know.

I find this ambiguity unsettling, in the way Gaal Dornick fears black holes.

Spies and pseudonyms

Nation states use spies to understand and sometimes disrupt the governments of other nation states.

And there’re lots of good reason to believe many nation states think of crypto as (amongst many things) rival nation states. I don’t know a lot about spying, but it seems like pseudonyms would make things a lot easier for the feds of many nations (and?), who will want spies in certain projects.

I think pseudonyms are great for resisting censorship and preserving privacy. I’m glad that @balajis and others champion the message so forcefully. Trust, however is a complicated thing, different than censorship-resistance, and I’ll trust a pseudonym when I see a person I trust list @pseudonym as their kids’ guardian.

What're the odds that at least one pseudonymous core contributor to an important project will be a spy?  That they’ll slip in a bug? Who knows, but the NSO Group still exists and they hacked State Department employees.

Hardware bugs

MobileCoin is building an entire blockchain around Intel-exclusive processors. They did this because Intel has a set of secure hardware features (called SGX) that allows the code to trust that the computer it’s running on has not been tampered with. That’s the point of the feature, at least.

Except that recent exploits like Meltdown and Spectre show that it’s always possible that another widely-deployed in-silicon exploit may be discovered, some day. Is this guaranteed (or even very likely) to happen? No.

But security developers are joking about it. And have... thoughts?

(Randomly, one of MobileCoin’s founders is pseudonymous.)

I don’t know how likely any particular hardware hack is, but I would put more faith in systems implemented in mutable software over immutable silicon. NB: It's fair to also claim that by restricting thing to Intel's SGX, they've contained the potential attack surface for some number of attacks.

A Cambrian explosion of garden-variety bugs

The average smart contract is going to have more bugs, and as there are more interactions across multiple blockchains there’re going to be more bizarre and unpredictable edge conditions and exploits. I’m unsure what the security consequences are in a hypermultichain world… just that it seems … complicated and ripe for hard to predict edge conditions.

As with climate change, extreme events may get both more extreme and more frequent. I've yet to find a way to reason about it.