Ad
CryptoSlate on Substack
Essential crypto updates and analyses. Straight to your inbox, every day.
Join 75k subscribers
 Ad
News
Investor exodus from Bitcoin ETFs as BlackRock and Fidelity see significant outflows FBI warns US citizens against using ‘unregistered crypto money transmitting services’ Consensys sues SEC, seeks court declaration that Ethereum is not a security SEC cold-shoulders Ethereum ETF applicants in meetings, dashing hopes of May approval Bitcoin ETFs in the US drive higher crypto allocations among institutional investors
Should security be immutable? Should security be immutable? Brian Pak · 3 months ago · 3 min read
Contributor Op-Ed

Should security be immutable?

The balance between immutability and security in blockchain faces new tests from sophisticated exploits.

Brian Pak
Feb. 11, 2024 at 3:00 pm UTC
3 min read
Updated: Feb. 10, 2024 at 3:54 pm UTC
Should security be immutable?

Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.

Blockchains were created with immutability as one of its fundamental principles and to many the thought of introducing limited mutability contradicts the very foundations on which blockchains were first created. While the immutability of blockchains is key to fortifying security and fostering trust, it must be emphasized that immutable blockchains are not faultless and recent exploits in 2023 have raised questions about the possibility of limited mutability. 

Immutability only guarantees security when code is invulnerable

Immutability prevents many types of exploits as the inability to modify code or data prevents bad actors or attackers from manipulating a system. However, in situations where upgrades are not possible, challenges may arise, including the risk of encountering delayed updates when necessary modifications are required, or the potential for funds to be left in vulnerable contracts. This is what happened in the August attack against Curve Finance.

Curve’s Liquidity Providers (LPs) had a timelock embedded in the smart contracts, making it technically impossible to fix a coding vulnerability within Vyper. By forfeiting the ability to edit the state of the smart contract, the protocol was unprotected against an exploiter who was able to drain $62 million from Curve.

This highlighted that immutability can cause immense problems when codes are vulnerable. Although a comprehensive audit might have detected these exploitable functions, the nature of immutability would have made it impossible to fix. 

Immutability is sufficient for the short-term but could cause long-term problems in mitigating emerging threats

While immediate risks to blockchain security may not be urgent enough to warrant a departure from immutability – even though most hacking incidents are not significantly linked to immutability – we still need to acknowledge some of the difficulties they currently cause. 

For example, advancements in blockchain technology continue to take place rapidly. Consequently, when essential changes are required and updates become impractical, protocols are currently compelled to transition to newer versions. Looking ahead, this scenario is a challenge for protocols and other businesses operating on blockchain platforms.

What is crucial is acknowledging that technological advancements may create more problems in blockchain security and betting on blockchain’s immutability could potentially be risky when significant funds are at stake. Hackers and exploits continue to become more sophisticated and advancements such as quantum computing will increase vulnerability to exploits such as storage hacks and transit attacks. While developments such as quantum computers are not an immediate threat, there may come a time when upgrades are necessary for security to be preserved.

While networks such as Bitcoin are so far unharmed (largely due to its immutability), it is not out of the question that Bitcoin could be hacked. Furthermore, more complex blockchains that focus on programmability and end-user apps vastly differ from Bitcoin and would contain more attack vectors, leaving them at greater risk. 

Immutability helps to build trust

While we have outlined some of the problems with immutability, it would be blinkered to disregard some of its unquestionable triumphs, the greatest being its ability to build trust, a fundamental principle behind the concept of blockchains. 

Immutability helps to build a strong sense of trust amongst its users due to its unchangeable nature. The Bitcoin Network is the greatest example of immutability, whose unblemished track record has instilled trust in its users.

The success of immutability within the Bitcoin ecosystem has helped to create some of the strongest social consensus across the whole space. Users collectively recognize and value the unchangeable nature of Bitcoin and the incentive to maintain its integrity has helped it to succeed in creating the most resilient ecosystem in the web3 space. 

The inherent risks of mutability remain notable

Equally mutability can lend itself to malicious activity whereby coding can be changed to benefit a minority. An example of this is the Multichain/AnySwap’s exploit. While there’s still little clarity over exactly what happened with this exploit, sources have said that Multichain/ AnySwap simply decided to siphon funds out of its protocol because it was possible to do so.

Critics of Multichain’s response claim that the project could have and should have ‘decentralized’ access to the protocol’s private keys as one individual reportedly held it. Mechanisms such as multi-signature vaults (‘multisigs’) are a viable solution to issues such as Multichain’s exploit as malicious actors within the multisig would be unable to manipulate the protocol as they are denied the consensus to do so.  

Conclusion

Considering the upsides and downsides, immutability remains the ideal structural approach. It is one of the foundations on which Bitcoin was first created and has been instrumental in keeping it secure and creating such a strong sense of consensus. However, we must not forget that the Bitcoin ecosystem is by far the most simple.

More complex ecosystems and protocols will continue to emerge, requiring modifications to maintain security. As we move into the next bull run, liquidity will return to the DeFi ecosystem and more protocols will emerge. At the same time, this will create an opportunity for hackers and it is important to remember that blockchains are by no means perfect. If security is not a priority from the design phase, many will fall victim to the inevitable risks of hacks regardless of whether or not a protocol is immutable. 

Posted In: Crypto, Guest Post, Hacks, Op-Ed
Guest Contributor

Brian Pak

Co-founder at ChainLight

Brian Pak is co-founder of ChainLight, a blockchain security firm that specializes in smart contract audits as well as on-chain monitoring. Experts in white hat hacking, ChainLight recently saved zkSync Era from a $1.9 billion dollar exploit and is now part of SEAL911 an alliance of blockchain security firms ready to counteract illicit crypto activities.

Editor Editor

News Desk

Editor at CryptoSlate

CryptoSlate is a comprehensive and contextualized source for crypto news, insights, and data. Focusing on Bitcoin, macro, DeFi and AI.

Latest Press Releases
View All

Disclaimer: Our writers' opinions are solely their own and do not reflect the opinion of CryptoSlate. None of the information you read on CryptoSlate should be taken as investment advice, nor does CryptoSlate endorse any project that may be mentioned or linked to in this article. Buying and trading cryptocurrencies should be considered a high-risk activity. Please do your own due diligence before taking any action related to content within this article. Finally, CryptoSlate takes no responsibility should you lose money trading cryptocurrencies.

Latest Alpha

 Ad
CryptoSlate on X x.com/cryptoslate
Follow us on X for your essential dose of daily crypto news and deep dives.
Join 50k followers
 Ad