Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Callisto and ETC security auditing sustainability. #49

Open
Dexaran opened this issue Apr 18, 2018 · 9 comments
Open

Callisto and ETC security auditing sustainability. #49

Dexaran opened this issue Apr 18, 2018 · 9 comments
Labels
callisto Projects that are marked with this label are related to Callisto development. ethereum Projects that are marked with this label are related to Ethereum CLassic development.

Comments

@Dexaran
Copy link
Member

Dexaran commented Apr 18, 2018

Longterm sustainability of Callisto platform and CLO financial model.

The initial plan was to separate core features (financial: Cold staking/ utility: Free security auditing). Cold staking should bump the price. The higher the price is, the more effective security enhancement will be.

However, this is just a conception and it is far from guaranteed. Watching the EOS cenceptions I came into a conclusion that it may turn out that we will need to increase the value of Callisto platform at our own (regardless of what is going on with crypto industry globally). Taking the EOS model into account, I can propose the following:

  1. Security auditing will require a smart-contract developer to hold an amount of CLO at his balance during the auditing process.

  2. The more CLO a smart-contract developer owns, the higher the priority of his auditing request is.

  3. Once the security audit is completed, the smart-contract developer can sell his CLO. Thus auditing remains "free". You can buy CLO, request audit, sell CLO (+/- volatility).

This ensures volume and liqidity as well.

@Dexaran Dexaran added request for comment callisto Projects that are marked with this label are related to Callisto development. labels Apr 18, 2018
@tiotoi
Copy link

tiotoi commented Apr 20, 2018

@Dexaran is there any minimum for CLO? i mean to hold them?

@realdjyogi
Copy link

How about some marketing update please

@Dexaran
Copy link
Member Author

Dexaran commented Apr 21, 2018

@tiotoi This is under consideration at the moment. I think that there should be a minimum threshold but it depends on CLO price and the amount of auditors that we can hire at once.

@realdjyogi
Copy link

Move some tokens to an exchange. Now trading only btc 1.00 per day. A small push now will give a big jump.

@Dexaran
Copy link
Member Author

Dexaran commented Apr 23, 2018

The future of programmable blockchains, smart-contract systems and the role of Callisto in it.

Overview

Currently, there are many smart-contract development platforms. Many of them are based on the Ethereum code. Being a developer of Ethereum smart-contract and a security auditor, I can say that there are many limitations of Ethereum smart-contracts. Therefore, several newer and more advanced smart-contract platforms are being developed. For example Cardano and EOS.io.

EOS has significantly better performance and provides much more efficient functionality for the development of decentralized applications. I think that EOS will beat Ethereum in the near future.

I don't see any value in Callisto as in decentralized applications (smart-contracts) development platform. I don't see any value in Ethereum, ETC or any blockchain2.0 as in the development platform of smart contracts. We should consider Ethereum-based currencies to be deprecated. Ethereum is blockchain 2.0. Now the era of blockchain 3.0 comes.

The main problem of each smart-contract development platform

I would say that it is impossible to create an absolutely error-free program with the first attempt. This also applies to smart-contracts. For each smart-contract development platform, the problem of code security is critical, because this code will ultimately manage millions of dollars of customers investments.

As a security engineer, I can say that no automatic methods can provide sufficient security improvements. Neither formal verification nor development of new programming languages can solve this problem. The problem of smart-contracts security is of decisive importance for every smart-contract development platform. At the moment, no platform has a solution to this problem.

It does not matter how much blockchains progress. This problem will always be relevant as long as new smart contracts are being developed.

The solution - Callisto

Callisto Network is our attempt to solve the security problem of smart contracts for the entire blockchain industry. Not for Callisto itself. Callisto introduces the Security Auditing DAO which will provide free smart-contract audit services for smart-contract developers. This can not guarantee absolute security of smart-contracts, however this can significantly improve it and prevent such accidents as Parity multisig hack.

Callisto is scalable in this aspect. Security Auditing DAO is abstracted from Callisto core features. Security auditors could be hired and paid depending on demand. When the demand for auditing EOS smart contracts is high, auditors can be paid to verify these contracts. Thus, Callisto can serve other blockchain platforms to solve security problems. Currently, Callisto has no competitors in this space, and I have not seen any attempts to solve the security problem of smart-contract development.

Ethereum is solely a development platform, so it will certainly lose its utility when the EOS comes to existence, because EOS is technically better in all aspects and has much higher performance. Unlike Ethereum, Callisto will not lose its real utility because it solves the eternal problem of programming. Smart-contracts security will always be relevant regardless of how the blockchains will evolve.

As a "security chain", Callisto can coexist with smart-contract development platforms and increase its utility with increasing demand for contract security audits.

Scalability of Callisto

Callisto scalability depends on price level. The more the price of $CLO is, the more auditors could be hired. Securing the Callisto's smart contracts makes sense as long as Callisto is seen as a development platform. This could definitely increase the value of Callisto platform, but it will not be worth it in long term.

Providing security audits for newly developed and wider used smart-contract platforms is a good solution for the whole industry in the long term. However, this does not directly increase a value of Callisto.

Therefore, I proposed to consider the model with a collateral. In this model, if a developer wants to request an audit of your smart contract that will be deployed on any other network, he must buy a certain amount of CLO as a collateral and hold it until the end of the audit. Then the developer can sell CLO and earn his funds back.

@dwarner5522
Copy link

@Dexaran I like your proposal. In a lot of ways it seems that being a holder of CLO will be like holding shares in a company. Where the value of CLO is like a share value and cold staking is like earning a dividend. My only objection would be the idea to keep the service free indefinitely. Maybe in the beginning in order to have developers become accustom to the auditing service. However, after it is established I would propose to keep maybe a percentage of the CLO collateral they have put up as a fee for the service.

@kawayi123
Copy link

@Dexaran我喜欢你的建议。从很多方面来看,成为CLO的持有人似乎都会持有公司的股份。如果CLO的价值就像一个股票价值,而冷股票就像赚取股息一样。我唯一的反对意见是让服务无限期地保持自由。也许最初是为了让开发人员适应审计服务。但是,在建立之后,我会建议保留一定比例的CLO抵押品,作为服务费用。

@nealaka
Copy link

nealaka commented Jun 4, 2018

I partially agree and support the way that you guys offering free audit for contracts.
Ive got a curiosity question.
How or what kind of warranty or guarantee you can provide to these smart contract developers so they can trust your work and keep coming back for more.?
Also I think for the first comers as a smart contract developer it should be free and then slowly you should start "charging" or making it "free".
But then again I guess we will all wait and see and learn together as a community :).
Good luck 🤞

@Dexaran
Copy link
Member Author

Dexaran commented Jan 21, 2020

How or what kind of warranty or guarantee you can provide to these smart contract developers so they can trust your work and keep coming back for more.?

I think that I can answer the question just now. It's almost two years passed since Callisto Security department started its operation. We have a lot of statistics and we can draw some conclusions as well as introduce further security enhancement solutions.

https://medium.com/@dexaran820/the-new-word-in-security-of-smart-contracts-auditable-insurance-6ddc6a5b17e0

@Dexaran Dexaran added ethereum Projects that are marked with this label are related to Ethereum CLassic development. and removed request for comment labels Jan 21, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
callisto Projects that are marked with this label are related to Callisto development. ethereum Projects that are marked with this label are related to Ethereum CLassic development.
Projects
None yet
Development

No branches or pull requests

6 participants