Security Hub

Zeppelin and Ethereum: an Open Relationship - OpenZeppelin blog

Written by Demian Brener | Oct 11, 2016 4:00:00 AM

Love in the time of multiple blockchains

It all started in 2009 with Bitcoin and its underlying blockchain technology. For the first time in history, developers could establish rules and run computer programs smart contracts Love in the time of multiple blockchains

It all started in 2009 with Bitcoin and its underlying blockchain technology. For the first time in history, developers could establish rules and run computer programs smart contracts — in a distributed network without a central authority. Initial examples of smart contracts in Bitcoin include sending multi-signature transactions multisig, time-triggered transactions nLockTime and off-chain micro-payments payment channels.

These smart contracts allowed developers to build apps such as wallets, exchanges and time-stamping services. However, building more complex applications on Bitcoin is very challenging. For security purposes, Bitcoin was designed with a very restrictive scripting language. This makes it hard for new developers to work on blockchain tech: smart contract development was restricted to a select group of Bitcoin experts.

In 2015, Ethereum emerged with a new and more powerful programming language. The Ethereum Virtual Machine (EVM) provided an easier and more robust environment to build distributed apps. This resulted in a rapid increase in the number of developers and projects using Ethereum. They’ve built investment funds, gold exchange, identity management systems and distributed computing platforms. We’ve seen projects issue their own cryptographic tokens and sell them to their users to bootstrap the development of their products. The Ethereum platform enables rapid iteration and development at the application layer, leading to more innovation in the blockchain space.

However, with great power comes great responsibility. The ‘move fast and break things’ motto is not well suited to writing code that deals with real money. That mentality, coupled with a shallow understanding about how blockchain platforms work, led to $60m+ lost to hacks in blockchain-based projects over the past 6 months.

Also, while Ethereum became the leading platform for developing distributed apps, it’s still in its early days. It has security and governance issues that remain to be solved. For instance, since any piece of code can be embedded in Ethereum, the platform is open to running any smart contract that could trigger vulnerabilities (intentionally or not). We saw this happen in September when a particular smart contract on the Ethereum blockchain caused most of its nodes to crash.

Just like Ethereum leveraged Bitcoin tech to provide a full-fledged scripting language over its own blockchain, we may encounter new and more powerful platforms that overshadow existing ones. It doesn’t matter if the winner is Bitcoin, Ethereum, or any other; what’s important is that blockchain technology is here to stay.

At Zeppelin, we want to make it easy and secure to build distributed apps. That’s why our mission of improving the security standards of smart contract development is platform agnostic.

We’re starting with Solidity tools because Ethereum is currently the most popular smart contract platform for developers. Working with Solidity also makes our tools compatible with Rootstock (and thus the Bitcoin blockchain in the future) and other private blockchain systems. Eventually, we will support new languages and blockchains as they become popular.

Zeppelin is currently developed as an open-source and community-driven framework. We invite all developers and entrepreneurs to explore the source code and build distributed apps with it.acc#.gqbwc1afs) — in a distributed network without a central authority. Initial examples of smart contracts in Bitcoin include sending multi-signature transactions multisig, time-triggered transactions nLockTime and off-chain micro-payments payment channels.

These smart contracts allowed developers to build apps such as wallets,exchanges and time-stamping services. However, building more complex applications on Bitcoin is very challenging. For security purposes, Bitcoin was designed with a very restrictive [scripting language(https://en.bitcoin.it/wiki/Script). This makes it hard for new developers to work on blockchain tech: smart contract development was restricted to a select group of Bitcoin experts.

In 2015, Ethereum emerged with a new and more powerful programming language. The Ethereum Virtual Machine (EVM) provided an easier and more robust environment to build distributed apps. This resulted in a rapid increase in the number of developers and projects using Ethereum. They’ve built investment funds,gold exchange, identity management systems and distributed computing platforms. We’ve seen projects issue their own cryptographic tokens and sell them to their users< to bootstrap the development of their products. The Ethereum platform enables rapid iteration and development at the application layer, leading to more innovation in the blockchain space.

However, with great power comes great responsibility. The ‘move fast and break things’ motto is not well suited to writing code that deals with real money. That mentality, coupled with a shallow understanding about how blockchain platforms work, led to $60m+ lost to hacks in blockchain-based projects over the past 6 months.

Also, while Ethereum became the leading platform for developing distributed apps, it’s still in its early days. It has security and governance issues that remain to be solved. For instance, since any piece of code can be embedded in Ethereum, the platform is open to running any smart contract that could trigger vulnerabilities (intentionally or not). We saw this happen in September when a particular smart contract on the Ethereum blockchain caused most of its nodes to crash.

Just like Ethereum leveraged Bitcoin tech to provide a full-fledged scripting language over its own blockchain, we may encounter new and more powerful platforms that overshadow existing ones. It doesn’t matter if the winner is Bitcoin, Ethereum, or any other; what’s important is that blockchain technology is here to stay.

At Zeppelin, we want to make it easy and secure to build distributed apps. That’s why our mission of improving the security standards of smart contract development is platform agnostic.

We’re starting with Solidity tools because Ethereum is currently the most popular smart contract platform for developers. Working with Solidity also makes our tools compatible with Rootstock (and thus the Bitcoin blockchain in the future) and other private blockchain systems. Eventually, we will support new languages and blockchains as they become popular.

Zeppelin is currently developed as an open-source and community-driven framework. We invite all developers and entrepreneurs to explore the source code and build distributed apps with it.