Category Archives: Security

ERC20 Token Design Mistakes vs ERC223 Token

The old ERC20 token standard have bugs and disadvantages resulting in thousands of ERC20 tokens to be lost annually. These design mistakes has been addressed in the new ERC223 token which is fully compatible with ERC20 wallets and exchanges. 

What is ERC?

ERC means Ethereum Request for Comments. It practically allows for smart contracts to be built on the Ethereum platform based on certain standards thus creating a common interface for all Ethereum tokens. Ethereum developers recommend that any Ethereum developer who wants to create a new token should follow this set of standards to ensure that their tokens are easily recognizable on both the Ethereum network and other third-party service providers such as crypto-wallets. These ERC20 tokens can be received, and sent just like any other cryptocurrency like Bitcoin, Litecoin and Ethereum.

ERC20 bugs

The ERC20 standard is programmed software and accordingly contains some bugs and logic errors. Two different ways to handle tokens were taken into account in the creation. On the one hand, tokens can be sent to another address. A smart contract is paid by using the “approve” and “transferFrom” functions.  Thereafter, the contract may be approved to allow the tokens to be withdrawn. Afterwards the token is filled or lifted by means of “transferFrom”.

When transferring tokens for a contract with “transferFrom” this transaction is basically valid. However, the contract does not recognize it by the user, resulting in the tokens not being loaded into your account. Normally, an emergency token function is stored in the exchange contract (decentralized). If this is not the case, the tokens can not be returned and are lost forever.

ERC20 will continue to be used

Most token based projects have used the original ERC20 token standard as it is with faults. This include even  well known projects.

At present many developers are still unaware of the design mistakes and bugs in the old ERC20 tokens standard so they continue to use it in new developments.

Can the ERC223 standard solve the problems?

ERC223 is a new token standard that seeks to address the design mistakes / errors of ERC20. These problems are:

  • ERC20 provides no programmatic interface to handle incoming transactions in smart contracts.
  • ERC20 handling smart contracts typically require you to trust them with all your funds in order to use them. This is unlike native ether, which has excellent support for trustless transactions.
  • Nothing prevents the user to send ERC20 tokens to a smart contract, such as an exchange. However, due to the inability to handle incoming transactions these sent tokens will not alter the state of the smart contract (such as balance on the exchange), and it will be impossible to retrieve them from the smart contract. Effectively, these tokens get burned resulting in multi millions of USD losses in ERC20 tokens. Because of the deflationary nature of cryptocurrencies this losses will continue to accumulate.

The main improvement of ERC223

  • On top of offering the same level convenience as ERC20 tokens, it also offers its holders protection against losing tokens by introducing a revert option or altogether blocking the transfer of tokens to random contracts. Tokens can no longer be sent to non supporting contracts with the ERC223 standard.
  • ERC223 allows to deposit tokens into a contract with a single transaction (function) which reduces the use of resources. This again reduce the cost and running time of the transaction to about half compared to that of the old ERC20 standard.

ERC223 is created to be compatible with existing blockchain infrastructure, such as wallets like Mist, Parity, MyEtherWallet and MetaMask, and blockchain explorers such as Etherscan and Ethplorer.

Geir Solem

Real Reason For Cash Ban And Why It Will Only Boost Bitcoin

Governments and Central Banks really picked up the pace in the war on cash in the last couple of years.  Various former Central Bank and government officials openly declared the need to ban cash to stop “criminals” and “terrorists”.  The ECB (European Central Bank) earlier in 2016 formerly declared that it is literally starting to banish larger denomination bank notes.  All of these actions will only help raise more awareness and acceptance of Bitcoin and cryptocurrency.  While attempts to ban cash can only help Bitcoin adoption and awareness, a look at the real reason for the push to ban cash uncovers some alarming truths about the existing financial system.

Central Banks are in full blown panic mode.  The real reason why they are trying to ban cash is because there hardly is any non-counterfeit physical cash in existence.  This is true when we look at actual currency in circulation (bank notes and coins) relative to aggregate measures of digits in accounts such as money market funds, equities, and bonds.  Analyzing this data also magnifies how transparent Bitcoin is versus the fractional reserve and excessively levered current monetary system.

The Board of Governors of the Federal Reserve System reports on its own website that as of June 1, 2016 there is $1.46 Trillion of currency in circulation (https://www.federalreserve.gov/faqs/currency_12773.htm).  The Fed also states that of this $1.46 Trillion, $1.4 Trillion is denominated in Federal Reserve notes (FRN).  A Federal Reserve statistical release published on June 9, 2016 states that as of the end of April of 2016 seasonally adjusted M2 equaled $12.56 Trillion.

M2 is equivalent to M1 plus savings deposits, money market deposits, a portion of small denomination time deposits, and a portion of retail money market mutual fund balances.  M2 is clearly in part an assessment of what any rational participant would consider extremely liquid funds that one in theory could immediately convert to physical cash.  Physical currency only covers less than 12% of what the Fed purports to be the most liquid assets in the current financial system. 

The size of the equity market in the United States is roughly $20 Trillion and the bond market (corporate, municipal, state, and federal bonds) is pushing $40 Trillion.  M2 plus equities and bonds amounts to almost $75 Trillion, all considered very liquid assets.  Converting them to physical cash is another issue though, and this analysis is still ignoring outstanding derivatives, real estate, precious metals, and many other financial instruments and products.  Unlike when a Bitcoin user opts to send Bitcoin from a wallet to another address, it is entirely possible customers with FRN could face resistance when trying to liquidate accounts particularly when higher quantities are involved.  This is even more critical for the Fed if customers liquidate and demand physical cash.

If participants in increasing numbers started to demand liquidation of various types of accounts along with the possession of physical cash, the Federal Reserve would have an extremely serious problem.  The Federal Reserve would face a nightmare scenario where the general population started to question why they are being restricted from withdrawing bank notes from their own bank accounts.  It is almost as if an attempt to ban cash is a not so subtle nudge to at least explore the option of exchanging some fiat for Bitcoin.

Hence, the Federal Reserve needs to try and ban cash so nobody has the ability to demand it.  If all accounts denominated in FRN existed only digitally then a run on the system at least would not involve the demand for physical currency.  We have already seen restrictions on the size of ATM withdrawals and other withdrawal requests both across Europe and in the United States along with public trial balloons floated about an outright ban of cash.  The prospect of a very real and literal bank run in Italy surged to the forefront in late June and early July of 2016.  The existence of physical cash and coins is a very real threat to the existence of the Federal Reserve System.

This is all very bullish news for Bitcoin of course.  Bitcoin is a way to exit the Federal Reserve System which governs essentially all retail banks in operation in the United States.  Also of note is that given the sustained trade imbalances of the United States and reserve currency status of USD, plenty of this physical currency is located outside the United States.  This makes the potential challenge in demanding physical FRN even more severe in America while also spreading the risk into other nations.

The Federal Reserve is very aware of Bitcoin and even shifting its stance towards it over the last year, but there is no evading the fact that currency in circulation is merely a tiny fraction of all assets denominated in FRN.  Bitcoin allows owners to have complete control over their own money.  Perhaps none of us know for sure if governments will ultimately succeed in banning cash, but there is no doubt that it is under serious consideration.  The fact that the Federal Reserve needs to even consider this option tells us quite a bit about the health and viability of the existing financial system and the potential of Bitcoin to completely disrupt it.  So little physical cash exists the Central Banks have no option but to banish it and blame it on “terrorists” and “criminals”.

David Young

Bitcoin Security – Multi Signature Wallets part 2

Part 2,  Spend from Multisig Wallets – Generate Bitcoin payment

This is part two of our series on multi signature addresses and wallets. This is important technology for massively improving bitcoin security. In part one we generated a multisig address / wallet. In this part, we’ll walk you through all the steps necessary to spend the funds.

Courtesy World Bitcoin Network

In many ways, multisig addresses are the answer to most of bitcoin’s concerns and fears of theft. And now its time to scale up massive implementation for them. Originally introduced into the bitcoin client a few years ago, multi signature addresses are massively more secure than regular ones. Their adoption by all wallet manufacturers are in progress.

Geir Solem
Cryptor Trust Inc.

Bitcoin Security – Multi Signature Wallets

Part 1, Generating a Multisig Address – What are Multisig Wallets

Bitcoin is now in that ‘second phase’ where security is becoming very important. Originally introduced into the bitcoin client a few years ago, multisignature addresses are massively more secure than regular ones.

Courtesy World Bitcoin Network

Their adoption by all wallet manufacturers is coming.

In many ways, multisig addresses are the answer to most of bitcoin’s concerns and fears of theft. And now its time to implement them.

Nest part 2, Spend from Multisig Wallets

Geir Solem
Cryptor Trust Inc.

Bitcoin Paper Wallet is the Key Tool for Investors

A paper wallet is one of bitcoiner’s best security practices. In this article we will provide a brief overview about its main advantages and important points to care about before starting to invest in the crypto currency.

> What is a Paper Wallet? The Basics

bitcoin_paper_wallet_image
Bitcoin paper wallet generated at bitaddress.org

Also referred as Cold Storage, a paper wallet is a way to store bitcoins as a physical offline document that can be handled as any other real-world materialized currency or value. The main purpose of the paper wallet it to take your private key out of any online record by printing it onto paper.

Once done, bitcoins on a live wallet (web based or software client) can be sent to the public address printed on your paper wallet document for safekeeping.

> Paper Wallet Advantages

As of its advantages, bitcoin paper wallets offer:

(1) A high level of protection against software that might be compromising your computer, like malwares and keyloggers, and of course, against hackers!

(2) The security of possessing your bitcoins on paper, as we are used to deal with cash, although it means that mobility might be an issue at certain point and you need to take other kind of previsions to keep the document in shape.

(3) No dependence on a third party wallet service provider.

(4) Risk reduced by not having to rely only on the security standards applied by a website.

> Points to Care About with Paper Wallets

– Make sure you create a strong and complex enough passphrase when creating your brain wallet on websites like bitaddress.org

– Be aware that the paper contains all the data needed to check your bitcoin balance and import it or spend it, so choose the right place to store it. Also protect it from humidity and other things that could damage it. Losing a single character of any of your 2 keys could become a big issue to recover your assets.

– Before transferring your bitcoins to your paper wallet, make sure you verify it by checking it on alternative sites to bitaddress.org. If the same info comes up, it means everything is ok. Check it on at least 3 more sites.

Hope you found this helpful. On the next article about wallets we will go deeper into how to generate safe paper wallets.

Maximiliano Garcia
Cryptor Trust Inc.