HashQuark, DODO, Mask Network, EigenPhi and Appi Lab held an in-depth discussion on “how to avoid and mitigate BSC network downtime, slow node services, frequent hacker attacks and other issues”.
Compiled by: Zoe Zhang
For any public chain, security is a top priority. Although there is no shortage of outstanding players among the emerging public chains, there is still room for optimization in network performance and security. Even BSC, which has performed well since its launch in September last year, has not been spared. In the past few months, BSC has experienced multiple network outages and hacking incidents, which have had many negative effects on BSC. Some say the DeFi protocols themselves have problems; others say the project code overlaps heavily. The lively discussion in the community has further prompted our thinking.
On June 8, 2021, in the roundtable session of a closed-door Meetup hosted by Hash Global and Mask Network, and co-hosted by Lianwen and Winkrypto, with the theme of “BSC Iterative Evolution”, Pan Zhixiong, research director of Lianwen, HashQuark CMO Dora, DODO co-founder and CEO Leida Xiong, Mask Network founder and CEO Suji Yan, EigenPhi co-founder Cheng Xianfeng, and Abby Lab Contract Security Director Sun Zhipeng held an in-depth discussion on “how to avoid and mitigate BSC network downtime, slow node services, frequent hacking and other issues”.
This article is a collection of highlights from the roundtable discussion; the content has been edited.
Pan Zhixiong: Earlier, there were network downtime problems on the BSC network. What are the root causes of these problems? How big was the impact on the various protocols at that time?
Dora: As a node on the front line of the battle, HashQuark found that although BSC faced greater pressure during the period of large-scale congestion, our servers have never been shut down, so the claim that the BSC network kept going down does not actually hold. To investigate the reason, we can look at this problem from the development path of BSC and its mechanism design.
First, compared with Ethereum, BSC has set a larger block size, so block generation is faster and performance is superior. I think it is precisely because BSC is easy to use and cheap, and many people use it, that congestion occurs.
Second, many people think the BSC 21-node mechanism will have centralization problems, but the requirements and costs of a BSC server are very high. HashQuark operates about 40 public chain nodes, and the hardware requirements and investment costs of the BSC server rank in the top five among them. The high threshold guarantees the smooth operation of nodes. On the other hand, with the continuous upgrading of hardware, BSC’s performance also has room for improvement.
Pan Zhixiong: Have your projects been deployed on BSC?
Leida Xiong: DODO’s business on BSC was also greatly affected before. The broadcast nodes and validator nodes were not synchronized, which caused block delays, and the network nodes suffered a relatively large impact. The problem was not solved until BSC updated the node servers.
After experiencing this incident, I believe that the physical world is limited. Don’t expect too much from any chain. With the expansion of BSC’s development scale, no one can guarantee availability. Now we make a lot of preparations when connecting to each new chain. This is the experience learned from BSC. We believe BSC will be able to solve such problems well in the future, and its development will become more and more stable.
Suji Yan: For the BSC problem, anyone can write code on it, and if anyone dares to write code on it, it may cause node resources to be wasted in meaningless places. So from another perspective, Gas not being expensive at all is not purely a benefit. Now, every time we see that many big projects are about to go online, we are very nervous, worrying about what they will do on the mainnet and what will happen. This is some of our experience, but it is still very fragile.
Everyone thinks BSC is more centralized, but in my eyes, both BSC and Ethereum have the drawbacks of centralization.
In the 1990s, everyone was making web pages, and no one ran servers. Later, this caused large-scale web page outages, and then it developed into a server hosting industry. I think that with the deepening development of public chains, whether multi-node or few-node, public chains like PoS or BSC are likely to enter the stage where large-scale providers build their own data centers. Read it all over again, or check it again, like Appi Lab does.
Pan Zhixiong: I would like to ask Dora: what specific measures will BSC take after encountering these problems?
Dora: Actually, BSC itself has not been attacked by DDoS, so we have had no special emergency. But there is one piece of data to share:
As one of the first batch of BSC nodes, our BSC nodes have done a total of 18 client upgrades, 16 of which occurred in April and early May, the most congested period for BSC. During this period, our technical colleagues were under a lot of pressure; they often received text messages in the middle of the night and had to get up and upgrade the client. I am very grateful to all colleagues for their united efforts in helping us through the difficulties together.
Pan Zhixiong: In May, more than 10 projects on the BSC network were hacked in a chain reaction, involving flash loans and other issues. What is the essential reason for this problem?
Sun Zhipeng: I think it may be because the code of each project is copied from one another, which causes vulnerabilities to spread between these projects, so that when one project is attacked, multiple projects are attacked one after another.
In addition, the reason BSC saw an outbreak of hacking attacks in May is related to the fact that many developers have weak awareness of the risks of both flash loans and the composability of DeFi protocols. Also, there may be some tools that can help quickly find similar vulnerabilities, which accelerates the spread of these vulnerabilities, but flash loans here only lower the threshold of attacks and increase the gains from attacks.
Cheng Xianfeng: I have always been pessimistic about attacks on smart contracts. For example, in 2021 there are still viruses on the Windows platform. It is very difficult to prevent risks in the face of endless combinations. From another perspective, everyone thinks that attacks are bad things, but attacks in turn drive the progress of smart contracts.
Flash loans are both a nuclear weapon and nuclear energy. Although they show higher efficiency, better capital leverage, and more efficient capital utilization, they also have a lot of destructive power.
Suji Yan: Attacks also include people-related issues, that is, using a DAO to attack others. In the DAO governance model, although the chain is transparent, the governance voting mechanism of the DAO also has risks. For example, the Gitcoin community voted through a proposal to convert the 49 trillion AKITA donated by Vitalik Buterin into ETH, which had an impact on AKITA. This is a new risk, the risk of DAOs: there is a vote-controlling phenomenon and it is unreasonable. Don’t believe in autonomous voting too much when the economic system is large.
Pan Zhixiong: Suji Yan talked about a new idea about attacks.
Leida Xiong: I think developers should think about economics-related issues when building the code for DeFi projects. In addition to technical knowledge, developers also need to master relevant economics knowledge.
Pan Zhixiong: Let’s talk about this. Since there are so many problems, what suggestions do you have for our future development? Whether from the perspective of security audits or economics, how can these problems be avoided as much as possible? Are there any mitigation plans?
Leida Xiong: Many projects develop complex systems because they seek innovation, but this kind of innovation increases the overall risk. I recommend that developers use simple code to keep the system simple. What can be written in short code should be written in short code; don’t add a lot of things. These are some of my suggestions to developers.
Suji Yan: I suggest not believing too much in your own voting mechanism. Most voting systems of your own are very fragile. When the economic system is very large, many problems are prone to appear.
Originally, I was very much opposed to leaving a backdoor; I thought there should be no such thing. But now I think we should leave a backdoor and then design a mechanism to prevent this backdoor from being abused. This is more important for the later optimization and development of the project.
Cheng Xianfeng: I agree with this point of view. Many developers think that code is law, but experience cannot cover all future situations. The law itself cannot be perfect; generally, a contract has inadequacies and so on. In other words, the law has backdoors, and the design of economic models even more so. Let’s not write things to death; leave a little room for change. Because in many cases, developers think they have a very complete design, but there are always people who can find loopholes.
Sun Zhipeng: I have two suggestions for developers: one is to really understand the principles of vulnerabilities and improve the security of subsequent code; the other is to draw on the power of experts. In addition, I recommend that developers slow down the pace appropriately. Many projects take too short a time from development to launch. By contrast, my personal favorite, the Uniswap core code, is not only minimal but also has very detailed test cases and even formal verification, which is very worth learning from.
Dora: My advice to users is to never test human nature. Everyone should do basic due diligence on the projects they participate in. When you find that there is an unreasonable design in a project, you should maintain a skeptical and vigilant attitude.