Original Author: Carl Hua, Partner and CTO at Shima Capital
After the recent Curve reentrancy exploit, I reflected on my experience at JPL NASA, where I learned key principles for developing reliable and resilient software. These insights are now more important than ever for the crypto industry, for the following reasons:
Ultimately, people only truly care about two types of software: software that can kill you and software that can make you lose money.
In the critical software of any aerospace machine, the majority of the budget (80%+) is not allocated to development itself, but to integration and testing. If the software fails, the spacecraft will fall from the sky—be it a fighter jet, drone, or spacecraft.
Most of the code in aerospace software (if classified as critical modules) adheres to extremely strict testing/development standards, such as DO-178B Level A. Not only is every line of code tested, but if there is nested logic, each logical condition is also specifically tested.
At JPL NASA, the concept of writing advanced aerospace software is not about writing the most beautiful, clean code, but about writing code that is easy to unit test. Why? It's simple: when you send a spacecraft into space, you only have one chance, and no one is willing to take the risk of a high probability of failure. This is similar to blockchain logic, as immutable code is its crucial feature, and we only have one chance to use our funds correctly in each transaction, so why not take the development of dApps more seriously?
Despite strict development, testing, and code auditing processes, it is evident that these measures are not sufficient to mitigate all errors and attacks, as it is practically impossible to eliminate all runtime errors through testing and auditing. So how do we protect our software from failure?
Runtime Protection
Runtime protection is a security technology that protects software applications from malicious attacks during runtime. Its principle is to perform real-time detection and analysis of the program's actual behavior to protect the program from the impact of malicious data and attacks.
The runtime protection of high-reliability software requires significant investment and design, as it is the final line of defense to ensure that the software does not enter an unknown state or fail. This is not just an argument, but a practice that has been verified for decades.
Today in Web3, I believe that DeFi applications need the same high reliability and should consider the same approach. However, due to its potential limitations, the EVM is not designed to handle complex tasks such as runtime protection. So how do we provide runtime protection?
One way is through Aspect programming, which is designed by the Artela blockchain network. It can switch execution contexts throughout the lifecycle of any smart contract transaction to perform advanced checks on the real-time state of the program. Artela provides a unique design for runtime protection through Aspects and EVM compatibility, and it has the potential to become the future foundation of secure crypto smart contracts.
Artela has published the specific use of Aspects in preventing Curve reentrancy attacks in the following article and looks forward to exchanging ideas together!
"Compiler Vulnerability Unsolvable? Runtime Protection Realizes On-Chain Risk Control for DeFi"
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
