Interview: Fantom CEO Michael Kong on the Fantom Watchdog Audit

Transparency and security are crucial in the world of cryptocurrency.

The contagion crisis in May and June provided a stark example of crypto’s vulnerabilities. Firms such as Celsius and Voyager Digital—both of which have since filed for bankruptcy—took highly risky positions with customer assets. That would be acceptable if customers were fully informed, but the real problem arises when these activities happen behind closed doors.

Customers of those firms now face lengthy bankruptcy proceedings—potentially taking years—to reclaim portions of their assets, with no guarantees. Had those customers accurately assessed the risks involved, many likely would not have chosen those platforms for their investments.

Security is the other key concern. Because many people lack the deep technical knowledge required to evaluate blockchain intricacies or assess the safety of a decentralized application (dApp), this area is understandably fraught with caution.

Fantom, a layer-1 blockchain platform, aims to strengthen the security of projects built on its network and has taken an interesting approach to do so. Today it announced adoption of Watchdog, a smart-contract security analyzer that will automatically audit decentralized applications launched on Fantom Mainnet to detect vulnerabilities.

Although audits are essential, the costs of traditional auditing can be prohibitively high. Firms that provide smart-contract audits charge thousands of dollars, with fees rising as high as $500,000 depending on the size and complexity of the code. As a result, many projects face difficult choices: pay for a comprehensive audit or allocate funds to alternative priorities.

This is the gap Watchdog intends to fill. It offers an always-on tool to continuously monitor smart contracts on the blockchain. Since its deployment on Ethereum, Watchdog has helped protect hundreds of millions in exposed funds and has publicly disclosed nine significant vulnerabilities.

Fantom’s announcement of its partnership with Watchdog is a noteworthy development. I interviewed Fantom CEO Michael Kong—who also recently appeared on the CoinJournal podcast—to get his perspective on several questions I had.

CoinJournal (CJ): How important are proper audits and increased transparency for crypto as it seeks wider adoption by mainstream finance?

Michael Kong (MK): Smart-contract security should be the number one priority for any developer. Smart contracts should be treated as mission-critical software where errors or bugs are not acceptable. They can hold millions—or in some cases, billions—of dollars in crypto, and a single mistake can lead to funds being lost or stolen. According to ImmuneFi, a smart-contract auditing firm, DeFi application exploits exceeded $1.8 billion between January and July 2022. Crypto cannot become mainstream until these security issues are addressed. Fortunately, many new developments are emerging that should reduce the frequency of exploits.

CJ: Do you think one reason audits are so expensive today is the highly specialized and complex technical knowledge required?

MK: Yes. Because smart-contract security is a difficult field, the number of people with the expertise to properly audit contracts is limited, while the number of contracts needing review keeps growing. Audits often take weeks or longer to complete, representing a substantial development cost.

CJ: Was the decision to use Watchdog driven by Fantom users, or was it a management-led initiative?

MK: Both. There has been significant demand from the community for tools that improve smart-contract security, and the foundation also recognized the importance of such tools given our background in developing contract analysis capabilities. Watchdog automatically reviews contracts, potentially reducing the incidence of exploits while lowering the time and cost of analyzing each contract individually. In short, Watchdog adds an extra layer of security to the Fantom platform.

CJ: With Watchdog monitoring all contracts that have a total value locked (TVL) of $10 million or more, is there still a risk that vulnerabilities could exist in lower-value contracts? Are those still worth an attacker’s time?

MK: It’s impossible to guarantee that any smart contract is completely immune to exploits. However, Watchdog plays an important role in checking contracts against a range of potential vectors for exploitation. This includes many contracts that may not have $10 million in TVL, and we encourage any project that wants Watchdog coverage to contact the Foundation. That said, the focus has been on high-TVL projects because those contracts represent the biggest potential losses.

CJ: Many people view crypto as a Wild West with limited transparency. Do you think that perception is justified, or is the industry moving in the right direction with innovations like this to minimize hacks and security problems?

MK: One advantage of public blockchains is that they provide a full audit trail from the first transaction to the most recent. Developers can publicly verify the original source code of their smart contracts, making the system fully transparent and open to inspection. Nevertheless, many smart contracts have been exploited, whether because individuals failed to do proper due diligence or because the exploit was complex and subtle. Tools like Watchdog should help developers create safer smart contracts and reduce these risks.

CJ: What would you say to crypto users who have never used Fantom but are considering getting involved?

MK: Building on Fantom is similar to building on Ethereum, but transactions are confirmed faster and cost far less. Where a smart-contract transaction might cost $50 on Ethereum, the equivalent on Fantom could be $0.50. This is due to Fantom’s unique consensus protocol that allows for asynchronous transaction confirmations (multiple transactions can be confirmed concurrently) with single-block finality. To get started, see the Fantom documentation at docs.fantom.foundation.