The Danger of Upgradeable Contracts

As communities get larger and want to secure their assets, roles and elections, they will need to find secure solutions. Earlier this year we wrote an article about the ways to bring about a secure smart contract ecosystem:

https://community.intercoin.app/t/intercoin-smart-contract-security

However, it’s also important to have a word about the immutability of smart contracts, and why it is desirable. When a smart contract factory is audited, and subsequently battle-tested, more and more people come to trust the code behind it. However, if the code can be changed, it might get changed to something that totally subverts all that trust which was earned over time, and now all the funds powered by that ecosystem can be at risk. This is exactly what happened with Tornado Cash recently:

Earlier this year, a similar issue occurred with SafeMoon’s “upgradeable” contract:

This leads us to point out another important aspect of smart contract security: immutability. The Intercoin ecosystem has been designed to avoid this kind of problem, by having immutable smart contract factories. Once a factory is deployed to the blockchain, you can trust that its code will never change. Intercoin’s ReleaseManager is used to group factories into releases, which are then finalized. Once a release is finalized, it can be audited and battle-tested by many users and communities around the world.

In the Intercoin ecosystem, the code remains the same – all smart contracts come from the same factories. What’s different is just the initial parameters when the contract is produced. From then on, parameters and state can be collectively managed according to that code and parameters, which together make up the “constitution” of the community. People’s roles can change, ownership of assets can change, but only according to the rules all community members can rely on.

Democracy is good for managing parameters (like how much UBI to give out in the community’s coin), but it can’t be used to change the underlying code of the software. Even if a community or DAO votes on a proposal, the majority of the voters might have no technical expertise or may miss something. The immutable code should accrue trust over time, but instead, if it can be switched out at any time, that trust is undermined. In another article, we will discuss a similar issue for web-based dapps on the front end, and how the Intercoin Wallet is going to solve it.

The other thing that sets Intercoin apart is our desire to empower smaller communities to have the same software as the big boys, without having to use someone else’s platform. Some Intercoin smart contracts do allow some limited superpowers to “owners”, including being able to add “hooks” – i.e. external smart contracts that might be called and consulted in limited ways, at certain times. But even in this case, any damage is limited to a specific community, not the entire ecosystem. Intercoin communities are laboratories of democracy, and each can experiment with the governance and economics that’s best for them.


The importance of secure solutions for communities cannot be emphasized enough. As the community grows larger, it becomes even more crucial to ensure that assets are secured and elections conducted securely. The article linked provides some useful insights into creating a secure smart contract ecosystem.

Moreover, I agree with the author’s point about immutability being desirable in smart contracts as it allows people to trust their code over time. It is essential not to compromise on security while aiming for flexibility and adaptability since changing codes can put all funds at risk if something goes wrong like Tornado Cash recently showed us.
Thus, we need better audit processes coupled with advanced technologies such as blockchain-based systems that enable transparency through decentralized validation mechanisms in securing our digital economy against malicious actors or vulnerabilities lurking around every corner of cyberspace today!

Whoa, hold your horses there! While having secure solutions for communities is definitely important, this post seems to be completely ignoring the potential downsides of immutability in smart contracts. As the famous saying goes “nothing is certain except death and taxes,” it’s a fact that mistakes can happen even with code - making something irreversible sounds like an awfully bad idea when you consider how rapidly technology evolves!

Furthermore, while blockchain-based systems may sound cool and exciting (who doesn’t love buzzwords?), we can’t just blindly trust them as some sort of panacea against all cyber threats. After all, haven’t we already learned from various hacks over time that no system is truly impenetrable? In short: let’s not sacrifice common sense on the altar of hype!