Can good alignment of incentives encourage better reporting of blockchain bugs?
It is the goal of Hydra, a new effort funded by the National Science Foundation's Foundation for Higher Studies Research and designed by a team of researchers including Lorenz Breidenbach, Phil Daian and Ari Juels of Cornell and Florian Tramer of Stanford
Announced today at the annual ethereum developer conference, Devcon3, the Hydra project is innovative in that its contracts are designed to automatically and programmatically offer those who report a bug higher rewards. that they had exploited one. In this way, if a user's smart contract hacking gave a reward of 100 chips, Hydra would pay 1000 chips if he reported it instead.
As such, the project offers a potential solution to a common incentive problem in the development of smart contracts. A popular tool for open-source projects, many times payments simply make the wrong behavior more lucrative.
Hydra refines the incentives, however, by testing how the emerging concept of crypto-economics – simply, studying cryptocurrency savings – could encourage people to report the bugs they identify.
But rather than condemning the actions of bad actors, Daian sees Hydra as a solution that combines pragmatism and intelligent programming.
"Let's see this as a game. What would a rational attacker do with these systems? Say that an attacker finds a bug: would they attack or would they claim the bonus?"
But while many will be excited to start playing with the system, released in alpha today, Daian pointed out that it is still a fledgling technology that might not be safe for storing funds.
He said, "The code is there for you to play with … But trust the funds with this Hydra baby that we did spin – not a good idea.
Image by Rachel Rose-O 'Leary for CoinDesk
Leader in blockchain information, CoinDesk is an independent media company that strives to achieve the highest journalistic standards and adheres to a strict set of editorial policies. Do you have any breaking news or a tip to send to our journalists? Contact us at email@example.com.