The Hydra Project [alpha]

Hydra is a cutting-edge Ethereum contract development framework for:

decentralized security and bug bounties
rigorous cryptoeconomic security guarantees
mitigating programmer and compiler error


The world's first comprehensive trust-free bounties.
Crafted with the first framework for cryptoeconomic contract guarantees, ever.

[Warning]: The Hydra framework is an early research prototype, and is still undergoing the extensive testing, validation, and documentation processes required to recommend it for production. Please help us by trying to break the below bounties, and stay tuned for further release announcements! Until then, remember: there be dragons here!

Saving Users Millions

Programmer errors, compiler bugs, or language-specific flaws have caused a range of past smart contract failures, costing ecosystem participants millions. Hydra directly tackles these failures, and requires a rigorous specification and development methodology that can help stamp out future losses.

Hydra directly addresses these losses by creating an exploit gap, turning usable exploits into trustless bounties while incentivizing honest disclosure.

Powered by N-of-N-Version Programming

Hydra is powered by a brand new technique called N-of-N-version programming (NNVP), which inverts the old fault-tolerant software idea of N-version programming (NVP). While NVP emphasizes availability, NNVP requires consensus among its implementations to emphasize integrity. Each Hydra contract is composed of several subcontracts, or heads. These heads can be written in different languages, compiled with different compilers, and/or created by independent developers. By making sure all these heads agree at every step of computation, Hydra can detect potentially security-critical bugs before exploitation. These include compiler errors, developer errors, and language-specific flaws.

Secured by Rigorous Cryptoeconomics

Unlike traditional NVP, which requires complete independence of programs to accomplish reasonable guarantees of correctness, Hydra works even when multiple heads are vulnerable to the same exploit. As long as there is a single head in the Hydra that is not vulnerable, the contract cannot be critically exploited. Because it is possible to estimate how likely it is that any two contracts have an identical bug, we can analyze exploiting the Hydra contract as an economic game, and rigorously model the size of the bounty required to disincentivize attackers. This means smaller bounties grant more protection, and smart contracts enjoy clear, principled cryptoeconomic security guarantees.
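The contrast between NVP and NNVP, and the "one sound head is enough" property, shown as an added Python sketch that is not part of the Hydra codebase. The three heads, the withdraw specification and the pay-and-halt reaction to a disagreement are assumptions made for illustration.

```python
"""Toy model of N-of-N-version programming (NNVP). Illustration only."""
from dataclasses import dataclass, field

# Hypothetical spec: withdraw(balance, amount) returns the new balance and
# must reject (ValueError) any amount outside 0..balance.
def head_a(balance, amount):          # sound head
    if amount < 0 or amount > balance:
        raise ValueError("rejected")
    return balance - amount

def head_b(balance, amount):          # bug: negative amounts are accepted
    if amount > balance:
        raise ValueError("rejected")
    return balance - amount

def head_c(balance, amount):          # same bug, independently written
    new_balance = balance - amount
    if new_balance < 0:
        raise ValueError("rejected")
    return new_balance

def run_head(head, *args):
    """Normalise a result so that a revert and a value can be compared."""
    try:
        return ("ok", head(*args))
    except ValueError:
        return ("revert", None)

def nvp_majority(heads, *args):
    """Classic NVP: the most common answer wins (favours availability)."""
    results = [run_head(h, *args) for h in heads]
    return max(set(results), key=results.count)

@dataclass
class MetaContract:
    """NNVP: every head must agree, otherwise nothing is committed."""
    heads: list
    bounty: int
    halted: bool = False
    paid: dict = field(default_factory=dict)

    def call(self, caller, *args):
        if self.halted:
            raise RuntimeError("halted after a disagreement")
        results = [run_head(h, *args) for h in self.heads]
        if all(r == results[0] for r in results):
            return results[0]
        # Assumed reaction: pay the bounty to the reporter and stop.
        self.halted = True
        self.paid[caller] = self.bounty
        return ("bounty", self.bounty)
```

With an amount of -50, two of the three heads share the bug, so majority voting commits the wrong balance, while the N-of-N check sees the single sound head disagree and pays the bounty instead.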

Comprehensively Powerful

Our automatic EVM instrumenter supports the majority of contracts and transactions on the Ethereum network today, with no modifications required to the contract. Over 76% of observed contracts and 61% of Ethereum contract transactions are supported.

Painstakingly Tested

To ensure the trusted Hydra codebase is as correct as possible, we go beyond bounties and employ the most comprehensive testing process possible for EVM instrumentation today, passing the thousands of thorough and consensus-critical tests securing Ethereum itself.

(1) Specify

The start to a comprehensive Hydra is a rigorous specification, allowing developers to implement heads independently. Specification is always useful when developing with high assurance.

(2) Implement

With the specification in hand, each developer can implement the target contract, along with unit tests that exercise all of its functionality. These test suites can all be run on the Hydra contract to find further errors.

(3) Instrument

After writing the programs, our instrumenter automatically compiles your contract heads to EVM, combines them through our Solidity meta contract, and deploys. A single Python call is all you need.

Deployed bounties (Ethereum mainnet)

The Heads

Lorenz Breidenbach
ETH Zürich, Cornell Tech

Philip Daian
Cornell Tech, IC3

Florian Tramer

Ari Juels
Cornell Tech, IC3
Project of

Friends of Hack This Contract
100% MIT licensed.

This material is based upon work supported by the National Science Foundation Graduate Research Fellowship under Grant No. .
We would also like to thank NSF CNS-1330599, CNS-1514163, CNS-1564102, and CNS-1704615, ARL W911NF-16-1-0145, and IC3 Industry Partners.
Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.