
Why less may be more when building Web3


To build secure and resilient Web3 systems, transparency alone is not enough. By placing greater emphasis on simplicity, we can make the peer-review of code more effective and minimize security breaches in the Web3 space.


The rise and fall of security through obscurity

We are used to the intuitive idea that security is somehow intertwined with secrecy. We keep our passwords secret and our valuables hidden. For decades, software engineers followed a similar approach to cybersecurity. The source code of computer software was kept private. In the event of a vulnerability, a security patch would be released. This was, and continues to be, one view of security: “security through obscurity.” Under it, we have to trust that the patches pushed to our computers and phones, without our knowledge or consent, will do what they are supposed to do.

Proponents of open-source software took a radically different view. They argued that making code transparent and publicly available would mean developers could review and improve the code, and would have the incentives to do so. Under those conditions, security issues could be identified, corrected and peer-reviewed.

The staggering growth of open-source data systems

Since then, open-source software has gained broad market penetration. Although only a small percentage of users run Linux distributions on their PCs or laptops, in the background, it is quietly powering much of the internet. An estimated 96% of the million largest web servers globally run on Linux, which also powers 90% of all cloud computing infrastructure. When you bring Android into the picture — the Linux fork running on over 70% of smartphones, tablets and other mobile devices globally — it’s clear that the modern internet as we know it is massively influenced by open-source systems.

Of course, the pervasive presence of open-source code extends to Web3 too. Public blockchain networks, including both Bitcoin and Ethereum, often cite their open code roots.

For Web3 security, transparency alone is not enough

The problem is, more transparency does not necessarily ensure greater security. Sure, the popularity of Linux has done wonders for open-source code and has certainly improved its security. But are there really many eyes on blockchain code?

In many respects, the scrutiny of open-source code is akin to a public good in economics. As with any publicly accessible resource, such as clean air or public infrastructure, everyone benefits from it. However, individual users may be tempted to use the resource without contributing to its maintenance costs. In this analogy, “free riding” means using an existing codebase while assuming someone else will invest the effort and time to check it for vulnerabilities.

Last year became known as the year of the cross-chain bridge hacks. Those hacks were clear warning signs that the sprawling and loosely coordinated development of an allegedly transparent Web3 still rests on a knife’s edge.

The upside of the Web3 development community is their eagerness to share, adopt and build. The downside is the potential for enormous damage from the free rider problem. By assuming others’ solutions can be relied upon to mix and match, attack surfaces and smart contract dependencies become too difficult to track. A reasonable skeptic or late adopter might conclude this open source movement is not like the last: there are too few dedicated to making rigorous and diligent contributions while the rewards go to those who make the boldest and most impressive claims — whether the work can withstand scrutiny or not.


The complexity trap

Complexity bias is a term used to describe a logical fallacy whereby people overvalue the utility of complex concepts or solutions over simpler alternatives. At times, it is easy to be so dazzled by the apparent technical sophistication of a solution that we don’t stop to question if there might be an easier way.

Because blockchain is difficult to understand, it is easy to get excited about some idea, like a cross-chain bridge, and chalk up its difficulty to another level — let’s call it “complicated.”

However, most blockchain projects are not complicated — they are complex.

According to Harvard Business Review, complicated systems have “many moving parts, but they operate in patterned ways.” When you think about the electricity grid for a region, for instance, it is clearly very complicated and encompasses many constituent parts. Nevertheless, the parts of the system tend to act in predictable ways: When you flick on the light switch in your living room, you can expect to get light the vast majority of the time. If properly maintained, complicated systems can be highly reliable.

In contrast, complex systems are characterized by features that “may operate in patterned ways but whose interactions are continually changing.” This interactivity makes complex systems more unpredictable. The degree of complexity of a system is determined by three key characteristics: the multiplicity, or number of elements that interact; how interdependent the elements are; and the degree of diversity, or heterogeneity, among them.

In case it needs to be stated, nearly all bridges and cross-chain solutions are examples of highly complex systems. The losses in the 2022 Wormhole and BSC bridge hacks, $325 million and $568 million respectively, illustrate the relative rewards of taking advantage of an exploit instead of fixing it pre-emptively.

Keep it simple

It feels as though Web3 ought to be complex. It is impossible to estimate the true scale and scope of new economic activity to come. Web3 values of individualism and economic inclusion suggest permutations and combinations that will grow as each person is born. Who knows what’s ahead? Shouldn’t we embrace complexity?

Well, yes and no.

The infrastructure for Web3 need not be unpredictable. In fact, like the electric grid, it would be better if it weren’t.

For blockchain architecture to become more secure and genuinely transparent, we need to overcome some of the biases we have been led to adopt. Before following the newest trend, perhaps we should examine the existing technical debt and aim for systems that are simple or, at most, complicated. It takes discipline to build for the ages: in this case, for Web3 and beyond.

Stephanie So is CEO and co-founder of Geeq, a no-smart contracts, multi-chain, Layer 0 platform. She is a microeconomist and policy analyst.

This article was published through Cointelegraph Innovation Circle, a vetted organization of senior executives and experts in the blockchain technology industry who are building the future through the power of connections, collaboration and thought leadership. Opinions expressed do not necessarily reflect those of Cointelegraph.


