We are looking for Main Discussants for Block#10! In the next BGIN event, we are (partially) opening up Main Discussant positions to anybody willing to share and discuss ‘Smart Contract Security and Governance’ based on research papers, white papers, and reports that have been published or new ideas/suggestions from you! Please feel free to share your ideas and suggestions below. We are looking forward to your contribution!!
Welcome Shunya Noda, Professor at Tokyo University.
Welcome Mr. Torigoe at Titania Research.
Hi! I’m Ippei Torigoe, and I usually work as an anon called vita.
I appreciate the opportunity to hear from you.
I originally worked at a staking provider in Singapore, then as a researcher at a venture capital firm in Dubai. Subsequently, I founded a research team called Titania Research, which contributes mainly in the area of the block construction process in Ethereum.
Personally, I am interested in exploring the area of PBS (proposer-builder separation) in Ethereum.
Hello Torigoe-san @vita. It is a pleasure to meet you virtually.
You have great experience, having worked in various industries and countries.
Let’s explore topics of interest to have a great conversation in Tokyo.
Leon
Hi! I joined here.
It’s great to have you here. I fully support Leon’s moderation and the sharing of insights from Prof. Noda and Mr. Torigoe.
Hello @vita @Shunya_Noda
We are in the final 2 weeks before the event starts. Shall we try to align the topics that we would like to discuss?
I understand you have various research interests. Let’s see what common themes we can focus on.
My initial suggestion was to link smart contracts, security and (security governance). Security often depends on motivations of stakeholders. Technically, 100% security does not exist. Smart contracts are notoriously weak. Many blockchain projects think about security as an afterthought. The Solidity language was not designed with security in mind.
Besides, security is expensive. As a general rule, most participants want to make a profit and nobody wants to share costs.
Can we build on that?
For example:
- Who is responsible for security in a decentralized project?
- Smart contracts often represent an agreement between parties. If it is broken by a third party, what happens?
- Should contract parties be interested in security? If so, to what extent?
- In the traditional world security is an expense driven either by the business model or regulation. Therefore: should security be regulated? How should contract parties be motivated to maintain security rather than transfer all consequences to others?
Please share your ideas on which research topics you would like to bring.
Hello @leonmol
The topic I am working on is about beacon-chain communication, such as what is known as PBS. And more abstract than smart contract security is incentive mismatch due to execution reward spikes. So I hope to talk mainly on topics like ‘MEV issues in Ethereum’ with the following flow.
- Definition of MEV
- Explanation of block construction flow
- Current problem 1: Centralization of builders
- Current problem 2: Centralization of relays
- Direction of solution under discussion: out of protocol
- Direction of solution under discussion: in protocol
- Comparison with traditional finance
Hi @vita
Thank you for sharing your thoughts.
A couple of questions:
- Do you see any ways how this research relates to security and/or governance?
- This topic seems to be focused on Ethereum only. I am wondering how this can be applied to other blockchains. We normally have representatives from many different projects and therefore, if they feel this is not relevant then they may lose interest. Is there a way to generalize to go beyond just Eth?
Leon
@Shunya_Noda Any thoughts?
- I’m not sure if this is called security, but I do know that reorgs are more likely to occur during MEV spikes, in which case the chain is more likely to be reorganized and security is compromised.
- I think it’s the future of the block space or the type of MEVs, such as arbitrage or front running something.
OK, @vita sounds good.
What could be that compromise in your opinion?
The whole point of security governance is aligning motivation and assuring security. If an actor, including an inside actor (e.g. builders and/or proposers), wants to make money at the expense of others, then they try to find system/technology weaknesses to achieve their goals.
Ultimately, people, processes and technology should align to produce security.
Sorry for the late reply.
As for the topics @leonmol suggested,
- Who is responsible for security in a decentralized project?
- Should contract parties be interested in security? If so, to what extent?
- In the traditional world security is an expense driven either by the business model or regulation. Therefore: should security be regulated? How should contract parties be motivated to maintain security rather than transfer all consequences to others?
I have some opinions for these issues, and I’d be happy to discuss them.
- Smart contracts often represent an agreement between parties. If it is broken by a third party, what happens?
As for this, I am not sure what kind of attacks you are assuming, and the conclusions would depend on the assumptions. This could be interesting if we specify the situation in more detail.
I agree with @vita in that discussion about MEV would be an interesting topic. The stability and security of Layer 1 is important for all stakeholders of any cryptocurrency, and block production is its essential part.
@Shunya_Noda This is great!
This is perfectly fine.
It would also be good to expand this beyond just Eth. Is it not directly linked to the consensus algorithm chosen?
@Shunya_Noda This refers to situations e.g. when a system is hacked and funds are stolen or even when a developer locks/deletes a key by mistake.
Ultimately, it is a question of liability.
In the traditional world there are many standards/best practices/regulatory requirements that require certain standards of cybersecurity. If a party falls below those, they can be sued and compensation is possible from the defaulted party.
How can this be implemented in web3?
I’m not familiar with security and governance, so I honestly don’t know the specifics.
But I think of course MEV can be categorized as a security and governance element, but that may not be enough, because MEV are naturally occurring and the way they are perceived, their role, and their implications vary depending on the culture and mindset of the chain. Cosmos sees MEV as evil, while Ethereum sees them as neither good nor evil as a form of privacy.
Thus, “MEV can be good, bad, or neither, depending on the chain and how the developer or researcher something perceives/thinks/cultures them,” which is an interesting property in itself. So I think it would be a good idea to pitch this property so that we can proceed to discuss it.
1. Different ideologies and cultures view MEV differently. How each developer and researcher views it and thinks about solutions through consensus algorithms and smart contracts or any others.
2. The flow of tx until it is included in a more holistic block
3. More specific categorization of MEV types
Depending on how you view 1, 2 and 3, the flow of tx and the type of MEV will change, and the end result will lead to discussions about what happens in terms of security and governance, although I don’t have a complete answer either.
It might be interesting to consider that with the audience.
Those are great points @vita
Yes, these points 1, 2, 3 are all relevant to security.
Good, bad or neither lens can be a topic to debate too.
Ultimately, I would ask a question, why do such blockchain projects exist?
Do they exist for the benefit of miners/stakers only?
I would argue not. In my opinion blockchain infrastructure should support/enable real life use cases, e.g. agriculture marketplaces or family payments.
Once we look at this holistically, this should guide us as to who should benefit from MEV technology.
Such technology has many optimization (maximization or minimization) scenarios. The choice depends on what to optimize for.
If any of the stakeholders want to maximize their benefits at the expense of others without proper governance decisions, then it becomes a matter of security. Security is supposed to assure functionality of a system in accordance with its declared properties. Unauthorized deviations will constitute a breach.
It is a great point.
My opinion is that the benefit to miners/stakers is still important. Because without the benefit, node dispersion and population will be difficult to increase, and the value of the block space will be difficult to guarantee, and consequently not adaptable to realistic use cases.
But what I do argue is that it is not miners/stakers only. I mean, if we are to classify them broadly, there should be a design space where the expectations and needs of the protocol side and the expectations and needs of the user side can coexist. What I am trying to research now is the search for such a block auction model.