Aragon Nest Proposal: 0xdeface.me - An Ethereum Improvement Proposal for settling vulnerable smart contracts fairly

[TimDaub]

Aragon Nest Proposal: 0xdeface.me - An Ethereum Improvement Proposal for settling vulnerable smart contracts fairly

Abstract

A vulnerable smart contract is nightmare for every team. A vulnerability hurts everyone. The team can lose funds and credibility, potentially ending their project and forcing the return of users’ funds (see: TheDAO). Users of the contract are lucky if they get their funds back, as they have little recourse if the team is not able to return their funds. The Ethereum community suffers as well. The network’s reputation suffers with every vulnerability, and large-scale losses lead to controversy and infighting over proposed hard forks to undo the damage. Even attackers usually lose, as their crime is forever etched into the Ethereum blockchain and they are unable to convert to fiat.

To increase the security of the Ethereum network, protect users' funds, and allow contract operators to mitigate vulnerabilities in their smart contracts, we propose the 0xdeface protocol: an Ethereum Improvement Proposal (EIP) to settle vulnerable smart contracts fairly for all stakeholders.

0xdeface’s ERC is an interface specification currently consisting of 7 functions. It allows contracts to talk to the 0xdeface protocol Negotiator. If an attacker finds a vulnerability in a contract with 0xdeface enabled, they can commit the vulnerability to the Negotiator. To decrypt the attacker's vulnerability report, contract operators submit their public key and a bug bounty to the Negotiator. If the contract is vulnerable, the operator can decide to call a shutdown procedure that returns users' funds, shuts down the contract, and rewards the attacker with a bounty.

The 0xdeface protocol:

• Allows contract operators to mitigate contract vulnerabilities and iterate quickly;
• Provides a legal, ethical financial incentive for looking for vulnerabilities in contracts;
• Solves the problem of communication between attackers and operators; and
• Returns ETH to users of contracts rather than taking the ETH out of circulation.

Further information

We developed a white paper that provides extensive detail on how we plan to build the 0xdeface protocol. You can check it out here.

Why apply for Nest?

We've decided to apply for Aragon Nest as we believe we the Aragon Agent can add significant value to the 0xdeface protocol, providing accountability and oversight.

In our demo of the protocol, the vulnerable contract is operated by a single address. That might be ok for demonstration purposes, but we believe that in the real world a single person shouldn't have that much power. We want to build a contract that implements 0xdeface protocol's ERC interface and is operated by an Aragon DAO through the Aragon Agent. Operators of the DAO (“Members”) release their public keys. An attacker can sequentially encrypt and upload the vulnerability report to the Members. Members can decrypt and study the report. Members then vote on whether the contract should be shut down. An atomic swap between the bug bounty and the contract shutdown is executed by the Negotiator once a position is taken.

Once this system is in place, we want to develop more elaborate and creative systems to help mitigate vulnerabilities. One example would be drawing random contract users with stake to evaluate the severity of a vulnerability, but there are many other possibilities. Managing vulnerable contracts with an Aragon DAO is just the beginning.

Deliverables

1. Qualitative research on the assumptions made in the white paper (discussions with auditing firms, security experts, and contract operators), with results shared publicly.
2. Tooling to allow the implementation of the standard (Aragon Agent integration, Plasma exits library, etc.).
3. Draft of the 0xdeface ERC published on Github (ethereum/EIPs).
4. Negotiator contract (tested, and, if sufficient funding is provided, professionally audited).
5. 0xdeface.me web application that interacts with Negotiator.

Grant size

Funding: $100,000 in DAI, payable in installments on delivery of milestones. Success reward: Up to 30,000 ANT in addition to funding above, paid when all milestones are met.

Application requirements

Proof of Concept

We have already put significant effort into developing the framework for the 0xdeface protocol:

• GitHub org with all the code: here
• Demo on Rinkeby (Tim is currently the centralized contract operator): here
• White paper: here
• Lightning talk on 0xdeface protocol: here, 4mins youtube video

We have already committed significant time and personal resources into the project, estimated at 1.5 person-months, full time. @vrde and @TimDaub attended EthCC in Paris to talk to security experts and community stakeholders, and delivered a lightning talk about the project.

Team

Tim Daubenschütz (@TimDaub, full time) is a full stack engineer with a passion for security, decentralization, open source, and permissionless innovation. He joined the blockchain space in 2015 as a front end developer. He has experience in managing teams as product manager at BigchainDB GmbH. He's the lead author of COALA IP, a standard for intellectual property licensing on blockchains.

Alberto Granzotto (@vrde, half time) has been coding for 20 years. He has worked on a wide range of open source technologies. He was an advocate for the main FOSS organization in Italy (AsSoLi). He founded and managed his own company (Urlist) in 2012. In 2015, he joined BigchainDB and worked on consensus algorithms for distributed systems. He cares about security, free open source software, and privacy.

Tim and Alberto have worked closely together since the 2015, and have developed many successful projects together: ascribe.io, BigchainDB, teachers at ReDi-School for refugees.

Budget

We propose the following budget for the grant:

• 40000 DAI for a full time developer
• 20000 DAI for a part time developer
• 30000 DAI for external contributors (legal advice, security consulting, software engineering, copywriting).
• 10000 DAI for "promotion" (conferences, traveling, bounties).

For an 8 months timeline, this is a burn rate of 12,5k DAI/month. This budget will reach the milestones described above. In addition to this, we expect to need an additional 8-10 months to have the project production-ready after these milestones are achieved. In addition, we will need funds to complete an independent security audit of the code. We have not received quotes for this audit, but we expect it will add to the cost significantly.

Legal Structure

0xdeface is currently a partnership between Tim and Alberto. We will incorporate before deploying to the main net to manage our legal liability. Within the company, we plan to manage funds using an Aragon DAO, and to make our operation as transparent as possible.

Development timeline

We believe that we'll be able to deliver on the deliverables in 6-8 months. Here's how we image the development to take place:

We have allowed the following time for each deliverable:

• Qualitative research and tooling research: 1-2 months
• Tooling implementation: 1-2 months
• Developing the ERC standard, Negotiator and web app: 2-4 months

[LouisGrx]

Hey there,

Thanks a lot for such a clear and detailed proposal and also for your patience. Highly appreciated!

The 0xdeface protocol sounds like a very interesting idea and using the agent app on top of it is very exciting. Unfortunately, these days the Nest program is very tightly focused on funding teams that help Flock teams deliver their roadmaps by bringing down specific barriers (technical or non-technical). In this regard, the proposal falls out from Nest's current scope and we will have to reject it.

I hope that you guys manage to find a way to work on this anyway.

Available if you have questions.