[Warning]: The Hydra framework is an early research prototype, and is still undergoing the extensive testing, validation, and documentation processes required to recommend it for production. Please help us by trying to break the below bounties, and stay tuned for further release announcements! Until then, remember: there be dragons here!
Programmer errors, compiler bugs, or language-specific flaws have caused a range of past smart contract failures, costing ecosystem participants millions. Hydra directly tackles these failures, and requires a rigorous specification and development methodology that can help stamp out future losses.
Hydra directly addresses these losses by creating an exploit gap, turning usable exploits into trustless bounties while incentivizing honest disclosure.
To power the Hydra, a brand new technique called N-of-N version programming inverts the old fault tolerant software idea of N-Version programming (NVP). While NVP emphasizes availability, NNVP requires consensus among its implementations to emphasize integrity. Each Hydra contract is composed of several subcontracts, or heads. These heads can be written in different languages, compiled with different compilers, and/or created by independent developers. By making sure all these heads agree at every step of computation, Hydra can detect potentially security-critical bugs before exploitation. These include compiler errors, developer errors, and language specific flaws.
Unlike traditional NVP, which requires complete independence of programs to accomplish reasonable guarantees of correctness, Hydra works even when multiple heads are vulnerable to the same exploit. As long as there is a single head in the Hydra that is not vulnerable, the contract cannot be critically exploited. Because it is possible to estimate how likely it is that any two contracts have an identical bug, we can analyze exploiting the Hydra contract as an economic game, and rigorously model the size of the bounty required to disincentivize attackers. This means smaller bounties grant more protection, and smart contracts enjoy clear, principled cryptoeconomic security guarantees.
Our automatic EVM instrumenter can support the majority of contracts and transactions on the Ethereum network today automatically, with no modifications required to the contract. Over 76% of observed contracts and 61% of Ethereum contract transactions are supported.
To ensure the trusted Hydra codebase is as correct as possible, we go beyond bounties and employ the most comprehensive testing process possible for EVM instrumentation today, passing the thousands of thorough and consensus-critical tests securing Ethereum itself.
The start to a comprehensive Hydra is a rigorous specification, allowing developers to implement heads independently. Specification is always useful when developing with high assurance.
With specification in-hand, each developer can implement the target contract, and unit tests that exercise all its functionality. These test suites can all be run on the Hydra contract to find further errors.