Composing faulty assumptions

Standards facilitate interoperability between systems.

But sometimes you need to verify that third parties are respecting the standard you expect. Otherwise, someone might abuse your faulty assumptions. You will expect things to go one way, until the whole world goes upside down.

For example, in the 2020 Balancer hack, the Balancer smart contracts didn't have any bugs. It was assumed in the design that tokens in liquidity pools followed the ERC20 standard. But tokens with different characteristics ended up in there. There goes $500K.

If the assumption supports security properties, confirm that it holds true before leaning on it.
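
One way to confirm such an assumption before leaning on it, as an added example that is not from the original post or from Balancer's code: a Python model of a pool that trusts `transfer()` to deliver the full amount, beside one that measures what actually arrived. The fee-on-transfer token, the class names and the 1% fee are constructed assumptions, chosen as one kind of deviation from what a pool might expect.

```python
class Token:
    """Constructed ERC20-like ledger; fee_bps > 0 burns part of every transfer."""
    def __init__(self, fee_bps=0):
        self.fee_bps = fee_bps
        self.balances = {}

    def balance_of(self, who):
        return self.balances.get(who, 0)

    def transfer(self, src, dst, amount):
        if self.balance_of(src) < amount:
            raise ValueError("insufficient balance")
        burned = amount * self.fee_bps // 10_000
        self.balances[src] -= amount
        self.balances[dst] = self.balance_of(dst) + amount - burned


class NaivePool:
    """Assumes transfer() always moves exactly `amount` into the pool."""
    def __init__(self, token):
        self.token = token
        self.recorded = 0  # what the pool believes it holds

    def deposit(self, sender, amount):
        self.token.transfer(sender, "pool", amount)
        self.recorded += amount  # never compared with the real balance


class CheckedPool(NaivePool):
    """Confirms the assumption by measuring the balance delta."""
    def deposit(self, sender, amount):
        before = self.token.balance_of("pool")
        snapshot = dict(self.token.balances)
        self.token.transfer(sender, "pool", amount)
        received = self.token.balance_of("pool") - before
        if received != amount:
            self.token.balances = snapshot  # models an on-chain revert
            raise ValueError(f"token delivered {received}, expected {amount}")
        self.recorded += received


def accounting_gap(pool_cls, fee_bps, amount=1_000):
    """Recorded balance minus real balance after one deposit."""
    token = Token(fee_bps)
    token.balances["alice"] = amount
    pool = pool_cls(token)
    pool.deposit("alice", amount)
    return pool.recorded - token.balance_of("pool")
```

With a standard token both pools agree with the ledger; with the 1% fee the naive pool's books drift from its real balance, while the checked pool rejects the deposit.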
