Smarter Bug Bounties? Hydra Codes Creative Solution for Ethereum Theft

Rachel Rose O'Leary
Nov 2, 2017 at 23:00 UTC
Updated Nov 3, 2017 at 10:34 UTC

Can the right alignment of incentives encourage better blockchain bug reporting?

That’s the goal of Hydra, a new effort funded by the National Science Foundation Graduate Research Fellowship and designed by a team of researchers including Lorenz Breidenbach, Phil Daian and Ari Juels from Cornell, and Florian Tramer from Stanford.

Announced today at ethereum’s annual developer conference, Devcon3, the Hydra project is novel in that its contracts aim to automatically and programmatically offer those who report a bug higher rewards than they’d get if they exploited one. In this way, if a user’s smart contract hack would result in a reward of 100 tokens, Hydra would pay out 1,000 tokens if he or she reported it instead.

As such, the project offers a potential solution to an incentive problem common in smart contract development. A popular tool for open-source projects, many times payouts simply make the bad behavior more lucrative.

Hydra tweaks the incentives, however, testing how the nascent concept of crypto-economics – simply, the study of cryptocurrency economies – might encourage people to report bugs they identify.

But rather than condemning the actions of bad actors, Daian sees Hydra as a solution that blends pragmatism and smart programming.

Daian said:

“Let’s see this as a game. What would a rational attacker do with these systems? Say an attacker finds a bug: would they attack or would they claim the bounty?”

But while many will be excited to start playing around with the system, released in alpha today, Daian stressed that it’s still nascent technology that might not be safe for storing funds.

He said, “The code is here for you to play with. But trusting funds with this baby Hydra we’ve spun up – not good idea.

Image via Rachel Rose-O’Leary for CoinDesk