The Hydra Project [alpha]


Hydra is a cutting-edge Ethereum contract development framework for:

decentralized security and bug bounties
rigorous cryptoeconomic security guarantees
mitigating programmer and compiler error



The world's first comprehensive trust-free bounties.
Crafted with the first framework for cryptoeconomic contract guarantees, ever.

Enter the Hydra.


Chat with us on Riot at riot.im/app/#/room/!#hydra:matrix.org.

[Warning]: The Hydra framework is an early research prototype, and is still undergoing the extensive testing, validation, and documentation processes required to recommend it for production. Please help us by trying to break the bounties below, and stay tuned for further release announcements!

Until then, remember: there be dragons here!


Saving Users Millions

Programmer errors, compiler bugs, or language-specific flaws have caused a range of past smart contract failures, costing ecosystem participants millions. Hydra directly tackles these failures, and requires a rigorous specification and development methodology that can help stamp out future losses.

Hydra directly addresses these losses by creating an exploit gap, turning usable exploits into trustless bounties while incentivizing honest disclosure.


Powered by N-of-N-Version Programming

To power the Hydra, a brand new technique called N-of-N-version programming (NNVP) inverts the old fault-tolerant software idea of N-version programming (NVP). While NVP emphasizes availability, NNVP requires consensus among its implementations to emphasize integrity. Each Hydra contract is composed of several subcontracts, or heads. These heads can be written in different languages, compiled with different compilers, and/or created by independent developers. By making sure all these heads agree at every step of computation, the Hydra framework is able to detect potentially security-critical bugs before they can lead to loss of funds. These include compiler errors, developer errors, and/or language-specific flaws.

Secured by Rigorous Cryptoeconomics

Unlike traditional NVP, which requires complete independence of programs to accomplish reasonable guarantees of correctness, Hydra works even when multiple heads are vulnerable to the same exploit. As long as there is a single head in the Hydra that is not vulnerable, the contract cannot be critically exploited. Because it is possible to estimate how likely it is that any two contracts have an identical bug, we can analyze exploiting the Hydra contract as an economic game, and rigorously model the size of the bounty required to disincentivize attackers. Not only is this the first rigorous bounty-setting model for smart contracts, but multiple heads mean that smaller bounties provide more economic protection than with traditional contracts.
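The difference between NVP and NNVP, and the single-sound-head property described above, can be seen in a small model. This is an added example, not code from the Hydra project: the `withdraw` specification, the three heads and the bug in `head_buggy` are constructed for illustration, and an exception stands in for whatever the real framework does on disagreement.

```python
from collections import Counter

class HeadsDisagree(Exception):
    """Heads returned different outcomes: a bug exists in at least one of them."""

# Constructed heads for one spec: withdraw(balance, amount) returns the new
# balance and must reject amounts that are negative or exceed the balance.
def head_a(balance, amount):
    if amount < 0 or amount > balance:
        raise ValueError("rejected")
    return balance - amount

def head_b(balance, amount):
    if not 0 <= amount <= balance:
        raise ValueError("rejected")
    return balance - amount

def head_buggy(balance, amount):
    if amount > balance:  # constructed bug: negative amounts are not rejected
        raise ValueError("rejected")
    return balance - amount

def run(head, *args):
    """Normalize a head's outcome so rejections are compared like results."""
    try:
        return ("ok", head(*args))
    except ValueError:
        return ("revert", None)

def nvp(heads, *args):
    """Classic N-version programming: the majority outcome is returned."""
    outcome, votes = Counter(run(h, *args) for h in heads).most_common(1)[0]
    if 2 * votes <= len(heads):
        raise HeadsDisagree("no majority")
    return outcome

def nnvp(heads, *args):
    """N-of-N-version programming: every head must agree, otherwise abort."""
    outcomes = {run(h, *args) for h in heads}
    if len(outcomes) != 1:
        raise HeadsDisagree(sorted(outcomes, key=repr))
    return outcomes.pop()

if __name__ == "__main__":
    print(nnvp([head_a, head_b, head_buggy], 100, 30))      # all heads agree
    print(nvp([head_a, head_buggy, head_buggy], 100, -50))  # buggy majority wins
    try:
        nnvp([head_a, head_buggy, head_buggy], 100, -50)
    except HeadsDisagree as e:
        print("divergence detected:", e)
```

With two of three heads sharing the bug, majority voting accepts the faulty result, while the unanimity check aborts because one sound head disagrees. Only when every head carries the same bug does the faulty result pass unnoticed.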


(1) Specify

The start to a comprehensive Hydra is a rigorous specification, allowing developers to implement heads independently.
Specification is always useful when developing with high assurance.

(2) Implement

With the specification in hand, each developer can implement the target contract and write unit tests that exercise all its functionality. These test suites can all be run on the Hydra contract to find further errors.

(3) Instrument

After writing the programs, our instrumenter automatically compiles your contract heads to EVM, combines them through our Solidity meta contract, and deploys. A single Python call is all you need.


Deployed bounties (Ethereum mainnet)


The Heads


Lorenz Breidenbach
ETH Zürich, Cornell Tech

Phil Daian
Cornell Tech, IC3

Florian Tramer
Stanford

Ari Juels
Cornell Tech, IC3
Project of


Friends of Hack This Contract
100% MIT licensed.

This material is based upon work supported by the National Science Foundation Graduate Research Fellowship under Grant No. .
We would also like to thank NSF CNS-1330599, CNS-1514163, CNS-1564102, and CNS-1704615, ARL W911NF-16-1-0145, and IC3 Industry Partners.
Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.