Tag Archives: security

security

ERC20 Token Design Mistakes vs ERC223 Token

The old ERC20 token standard have bugs and disadvantages resulting in thousands of ERC20 tokens to be lost annually. These design mistakes has been addressed in the new ERC223 token which is fully compatible with ERC20 wallets and exchanges. 

What is ERC?

ERC means Ethereum Request for Comments. It practically allows for smart contracts to be built on the Ethereum platform based on certain standards thus creating a common interface for all Ethereum tokens. Ethereum developers recommend that any Ethereum developer who wants to create a new token should follow this set of standards to ensure that their tokens are easily recognizable on both the Ethereum network and other third-party service providers such as crypto-wallets. These ERC20 tokens can be received, and sent just like any other cryptocurrency like Bitcoin, Litecoin and Ethereum.

ERC20 bugs

The ERC20 standard is programmed software and accordingly contains some bugs and logic errors. Two different ways to handle tokens were taken into account in the creation. On the one hand, tokens can be sent to another address. A smart contract is paid by using the “approve” and “transferFrom” functions.  Thereafter, the contract may be approved to allow the tokens to be withdrawn. Afterwards the token is filled or lifted by means of “transferFrom”.

When transferring tokens for a contract with “transferFrom” this transaction is basically valid. However, the contract does not recognize it by the user, resulting in the tokens not being loaded into your account. Normally, an emergency token function is stored in the exchange contract (decentralized). If this is not the case, the tokens can not be returned and are lost forever.

ERC20 will continue to be used

Most token based projects have used the original ERC20 token standard as it is with faults. This include even  well known projects.

At present many developers are still unaware of the design mistakes and bugs in the old ERC20 tokens standard so they continue to use it in new developments.

Can the ERC223 standard solve the problems?

ERC223 is a new token standard that seeks to address the design mistakes / errors of ERC20. These problems are:

  • ERC20 provides no programmatic interface to handle incoming transactions in smart contracts.
  • ERC20 handling smart contracts typically require you to trust them with all your funds in order to use them. This is unlike native ether, which has excellent support for trustless transactions.
  • Nothing prevents the user to send ERC20 tokens to a smart contract, such as an exchange. However, due to the inability to handle incoming transactions these sent tokens will not alter the state of the smart contract (such as balance on the exchange), and it will be impossible to retrieve them from the smart contract. Effectively, these tokens get burned resulting in multi millions of USD losses in ERC20 tokens. Because of the deflationary nature of cryptocurrencies this losses will continue to accumulate.

The main improvement of ERC223

  • On top of offering the same level convenience as ERC20 tokens, it also offers its holders protection against losing tokens by introducing a revert option or altogether blocking the transfer of tokens to random contracts. Tokens can no longer be sent to non supporting contracts with the ERC223 standard.
  • ERC223 allows to deposit tokens into a contract with a single transaction (function) which reduces the use of resources. This again reduce the cost and running time of the transaction to about half compared to that of the old ERC20 standard.

ERC223 is created to be compatible with existing blockchain infrastructure, such as wallets like Mist, Parity, MyEtherWallet and MetaMask, and blockchain explorers such as Etherscan and Ethplorer.

Geir Solem

Bitcoin Security – Multi Signature Wallets part 2

Part 2,  Spend from Multisig Wallets – Generate Bitcoin payment

This is part two of our series on multi signature addresses and wallets. This is important technology for massively improving bitcoin security. In part one we generated a multisig address / wallet. In this part, we’ll walk you through all the steps necessary to spend the funds.

Courtesy World Bitcoin Network

In many ways, multisig addresses are the answer to most of bitcoin’s concerns and fears of theft. And now its time to scale up massive implementation for them. Originally introduced into the bitcoin client a few years ago, multi signature addresses are massively more secure than regular ones. Their adoption by all wallet manufacturers are in progress.

Geir Solem
Cryptor Trust Inc.

Bitcoin Security – Multi Signature Wallets

Part 1, Generating a Multisig Address – What are Multisig Wallets

Bitcoin is now in that ‘second phase’ where security is becoming very important. Originally introduced into the bitcoin client a few years ago, multisignature addresses are massively more secure than regular ones.

Courtesy World Bitcoin Network

Their adoption by all wallet manufacturers is coming.

In many ways, multisig addresses are the answer to most of bitcoin’s concerns and fears of theft. And now its time to implement them.

Nest part 2, Spend from Multisig Wallets

Geir Solem
Cryptor Trust Inc.

The debt problem of the western world was never solved

The debt and obligations of the western world are now higher than ever and still increasing. Declining demographics and long term economic time cycles pointing down into 2022 / 2023 time frame indicating that the next few years might be the time of reckoning.

A work by the graffiti artist Banksy, in London
A work by the graffiti artist Banksy, in London

 

But what does bitcoin and crypto currencies in general have to do with it?

Our forecasting research of social trends indicates that the western world and specially Europe will introduce even more regulations related to cash, deposits, transfer of money, limits on withdrawals, etc. It is very easy for them to include Crypto Currencies by saying the same regulation apply.

We have reasons to believe that Crypto Currencies like Bitcoin will not be spared. Governments have collective decision making and they are slow learners, so things takes time. However, they do learn in the end and compliant exchanges in these regions with their clients deposits are “sitting ducks” for increasingly assertive and desperate western governments trying to put their hands on any cash they can, scrambling for dollars to pay for their ballooning debt and obligations that are at unmanagable levels.

In other words, more assertive western governments introducing draconian restrictions might be the biggest risk of all for Crypto Currency Exchanges and their clients over the coming years.

This can not happen in a “civilized” country, right?  Well, with fiat currencies this occurred in the seventies in the U.K., and is happening today in Argentina and Cyprus, just to mention a few well known countries as examples.

Geir Solem
Cryptor Trust Inc.

Bitcoin exchanges most overlooked risk

The use of bitcoin and exchanges (fiat to btc/altcoin) has awaken the controversy around topics like hacking, fraud, technical breakdown, to mention some. The events have proven that these areas must be taken care of in detail.

It has become a kind of luxury to discuss which exchanges provide the best service,  are the most user friendly, speedy and competitive on their fees.

BUT, one of the highest risk factors is often forgotten. The external risk attached to  the authorities that define the rules of the game also known as  “compliance”.

Source: Bex.io Blog
Source: Bex.io Blog

Record-breaking fines issued by regulators worldwide, notably in the US and UK, dominated the financial services landscape the last few years, with many Bitcoin exchanges closing for trade owing to non-compliance with regulatory requirements or exorbitant licencing related fees, making inviable to hold the exchange day to day operations. In other words many of these businesses were destroyed, with job positions and money lost.

As a consequence, the shutdown of these exchanges created a lot of stress on customers. This included businesses scrambling for alternatives in order to safeguard their continuing operation, often in need of taking their funds out in cash over a short time period. Then, when trying to deposit the funds cash to another bank, a new problem occurs: Cash Deposits. Large cash transactions are in practise now criminalized at least in the western world. You could easily end up with a lot of cash at home or in your office.

Crypto currency exchanges shouldn’t overlook at this issue, as in some regions complying with the rules and regulations could become a never ending wheel. If the exchange is based in Europe or the US, Canada, or Australia, they could be surprised after they have adopted and complied the best they can.

Bitcoin exchanges use banks, which carry very much of the same risks as the risk related to the authorities.

Our research has identified 10 major well known banks in Europe and the US that we think will fail over the next few years. The users, and that includes the exchanges using these banks are of course at high risk as well.  The debt problem of the western world was never solved.

Where to choose and/or base a bitcoin exchange?

We think some select countries in Asia and Latin America are the best due to the rising social mood trending in these regions over the coming decade. It is hard to believe, but regulations might even be relaxed in these regions the coming years, giving exchanges a brighter future.

Geir Solem
Cryptor Trust Inc.

Bitcoin Paper Wallet is the Key Tool for Investors

A paper wallet is one of bitcoiner’s best security practices. In this article we will provide a brief overview about its main advantages and important points to care about before starting to invest in the crypto currency.

> What is a Paper Wallet? The Basics

bitcoin_paper_wallet_image
Bitcoin paper wallet generated at bitaddress.org

Also referred as Cold Storage, a paper wallet is a way to store bitcoins as a physical offline document that can be handled as any other real-world materialized currency or value. The main purpose of the paper wallet it to take your private key out of any online record by printing it onto paper.

Once done, bitcoins on a live wallet (web based or software client) can be sent to the public address printed on your paper wallet document for safekeeping.

> Paper Wallet Advantages

As of its advantages, bitcoin paper wallets offer:

(1) A high level of protection against software that might be compromising your computer, like malwares and keyloggers, and of course, against hackers!

(2) The security of possessing your bitcoins on paper, as we are used to deal with cash, although it means that mobility might be an issue at certain point and you need to take other kind of previsions to keep the document in shape.

(3) No dependence on a third party wallet service provider.

(4) Risk reduced by not having to rely only on the security standards applied by a website.

> Points to Care About with Paper Wallets

– Make sure you create a strong and complex enough passphrase when creating your brain wallet on websites like bitaddress.org

– Be aware that the paper contains all the data needed to check your bitcoin balance and import it or spend it, so choose the right place to store it. Also protect it from humidity and other things that could damage it. Losing a single character of any of your 2 keys could become a big issue to recover your assets.

– Before transferring your bitcoins to your paper wallet, make sure you verify it by checking it on alternative sites to bitaddress.org. If the same info comes up, it means everything is ok. Check it on at least 3 more sites.

Hope you found this helpful. On the next article about wallets we will go deeper into how to generate safe paper wallets.

Maximiliano Garcia
Cryptor Trust Inc.