PONTEM x ZELLIC: WATERSIDE WEDNESDAY RECAP
On January 11, Pontem hosted a community call with Zellic to discuss smart contract security, the significance of formal verification, and hurdles to the mass adoption of blockchain technology amongst other interesting topics.
You can listen to the full recording on Twitter, Discord, or YouTube
Zellic is a smart contract auditing firm that helps businesses and protocols ensure the security and reliability of their smart contracts.
From High School Hackers to Industry Leaders: The Rise of Zellic
Jasraj Bedi (aka Jazzy) and Stephen Tong, co-founders of Zellic, have a passion for the intersection of technology and security. This drive led them to form a company that provides top-notch blockchain security solutions for their clients.
Jazzy and Stephen's journey to Zellic started in high school when they met and formed a team called Perfect Blue to participate in hacking competitions known as CTFs (Capture The Flag). These competitions, in which teams solve predefined puzzles and attempt to hack software, brought out their best in technical prowess and teamwork. In a few short years, Perfect Blue became the world's number-one team, solidifying their reputation as experts in the field.
Zellic was formed in response to a gap in the market for high-quality smart contract audits. Jazzy and Stephen saw a need for a company that could provide reliable, thorough audits for clients, and saw an opportunity to create a valuable service for the blockchain community. Zellic has since grown from a two-person shop to a thriving company of nearly 20 people, all dedicated to securing blockchain networks.
Jazzy and Stephen have a wealth of experience in the crypto world, having been involved since 2016. They have seen the industry's evolution, from the ICO bubble of 2017 to the current state of the market. Despite their busy schedules, Jazzy and Stephen still find time to play CTFs on weekends for fun and are grateful for the tight-knit community of talented individuals they have met through these competitions.
Whether it's through their work at Zellic or through their participation in CTFs, Jazzy and Stephen's commitment to the field of technology and security is unwavering. They are dedicated to providing the best possible solutions for their clients and to advancing the state of the industry as a whole.
From Freelance Work to Crypto
In 2015, Jazzy became familiar with cryptocurrency through Bitcoin while carrying out freelance work in India. The decentralized nature of Bitcoin, as well as its practicality for payment, sparked his interest.
Upon relocating to Canada in 2017, Jazzy got introduced to Ethereum and immediately became intrigued by its capability to write code on the blockchain and run it on computers globally. This led to an exploration of Geth (go-ethereum), where Jazzy even discovered a bug in the implementation.
By the end of 2020, Jazzy had extensive knowledge and experience in crypto, and his curiosity and desire to comprehend the intricacies of blockchains fueled his involvement in this space.
Stephen shares a similar story, he was a member of a group of internet friends who relied on cryptocurrencies as a more efficient means of sending money across borders compared to traditional banking methods. This ultimately led to his discovery of pay-to-script hash on Bitcoin and further strengthened his interest in Ethereum.
Comparing Move and Ethereum Virtual Machines: What Experts have to say
The Move Virtual Machine (VM) is rapidly gaining popularity in the blockchain world as a safer alternative to the Ethereum Virtual Machine (EVM). The main reason behind this is the design of the Move VM, which emphasizes safety and security. One of the key features that make the Move VM stand out is its type system, which eliminates many of the issues that are plaguing the EVM.
Re-entrancy is one such issue that has affected the EVM in the past but has been mitigated in recent years. The Move VM, on the other hand, does not allow re-entrance as all addresses need to be known at compile time, thereby reducing the attack surface. The capability attack pattern, where the least privileged access is given, is also an important factor that contributes to the safety of the Move VM.
Another issue that the Move VM addresses is overflow and underflow. These were common in the Ethereum network before the release of Solidity 0.8 and could cause significant issues. The Move VM, however, prevents these issues at the virtual machine level.
While the Move VM may offer a higher level of safety compared to the EVM, it's important to note that business logic bugs are still a major issue in smart contracts. These bugs can occur in both the EVM and Move and are a result of incorrect code implementation. High readability and formal verification in Move, however, can make it easier to find these bugs and prevent them from causing harm.
Formal Verification: Move Vs Solidity
Formal verification is a crucial aspect of the development of secure and reliable smart contract systems. With the rise of decentralized finance, the need for rigorously verified code has become increasingly important. The topic of formal verification has been widely discussed in the context of both the Solidity and the Move programming languages.
The Solidity SMT Checker is a simple tool that reinterprets the Solidity code into a series of SMT (Satisfiability Modulo Theories) formulas, which are then plugged into an SMT solver, such as Z3 or CVC4.
On the other hand, the Move Prover is a more powerful tool, integrated into the language at a deeper level, that leverages SMT technology as well as some of the latest research in the field of formal verification. The Move Prover also finds loop, pre, and post-conditions and invariants, making it a more sophisticated tool than the Solidity SMT Checker.
However, formal verification is not without its challenges. Firstly, it can be difficult to get the code to verify, especially when the spec is complex or requires inductive properties. Secondly, even if the code is free of bugs, the specification may still contain errors, such as forgetting to rule out certain edge cases or considering them all together.
In terms of the future of formal verification, it is expected that formally verified libraries will become standard in the development community. These libraries, much like Open Zeppelin, will serve as building blocks for developers, allowing them to build reliable systems with confidence.
Advantages of Writing Smart Contracts in Move over Solidity
Move is a secure programming language, created for writing smart contracts. It was developed by a knowledgeable team, who put a lot of thought into the use cases and facilities for developers.
Unlike Solidity, which has a range of ad hoc features, Move was designed specifically with security in mind, making it easier to verify and promote best practices.
The syntax of Move is simple, concise, and expressive, making it easy to learn and use compared to Solidity's complex options. Additionally, writing in Move gives a high degree of confidence when dealing with valuable blockchain transactions.
2023: Pontem's Plans for Driving Innovation in DeFi
In 2023, Pontem is focusing its efforts on enhancing liquidity through innovative technologies. The team is working on several key projects that are aimed at improving the user experience and reducing losses within the decentralized finance space.
One such project is the implementation of volatile fees, which are based on internal volatility oracles and dynamic fees. This will help to mitigate the issue of impermanent loss, a common issue within decentralized finance. Additionally, the team is exploring discretized liquidity to reduce price slippage, further improving the overall user experience.
Another major project that Pontem is working on is the deployment of the Move Virtual Machine (VM) on Ethereum. This will provide application developers with the same optionality they currently have with Solidity, but with the added ability to pull on various chains.
Pontem also recognizes the scalability issues that exist on Ethereum, such as latency and limited bandwidth. However, the team is confident that the Move VM will address these issues and improve the overall user experience.
The Challenge of Compatibility Between Different VMs
The challenge of compatibility in blockchains arises when different runtimes need to run simultaneously, causing incompatibility between applications built on different virtual machines (VMs).
One solution to this challenge is to have multiple VMs, but this approach would make the blockchain significantly more complicated. Another solution being explored is the use of layer 2 or layer 3 architecture, such as the ZK-enabled approach, which would allow for the creation of app chains that connect to a public chain.
However, this solution would still face challenges when it comes to moving funds between the different runtimes, as it would break the composability between the EVM and other VMs.
The concept of atomicity also comes into play when discussing this challenge. Atomicity refers to the property of a transaction that either happens in its entirety or does not at all. Some applications depend heavily on atomicity, while others do not, and this can impact how the challenge of compatibility between VMs is approached and solved.
The Future of Blockchain: Trends and Predictions
Blockchain technology is not just a buzzword anymore. It's a revolution in the making, with a future that's brimming with endless possibilities. As the blockchain ecosystem evolves at a breakneck pace, it's no longer just a question of "if" blockchain will change the world, but "how".
Imagine a future where you can trade stocks, buy real estate, and even order a ride on a blockchain-powered platform. It's not just a pipe dream, but a real possibility. With multi-chain solutions on the horizon, the future of blockchain technology is looking brighter than ever.
However, the challenge for blockchain is to find its true calling. Will it be the backbone of the next big tech giant, or will it be limited to its current use cases like store of value, trading, and credit management? The world is still grappling with this question, but the future is likely to be shaped by the financial applications of blockchain technology.
An Unwavering Focus on Security: Pontem and Zellic's Partnership
Zellic is pleased to have formed a strategic partnership with the esteemed Pontem team. The collaboration has been a testament to effective collaboration and Zellic is honored to play a role in the growth and advancement of the Pontem platform.
As a leading provider of blockchain security solutions, Zellic is committed to maintaining the highest standards of safety and security for all projects within the Aptos ecosystem and beyond. The significance of fostering trust with partners cannot be overstated and Zellic strives to maintain a reputation of professionalism and excellence in all aspects of its operations.
The recent audit of the Pontem DEX and wallet has demonstrated a commitment to security and delivery of results of the highest caliber. According to the Zellic team, the level of expertise and commitment displayed by the Pontem team was impressive, and they are thrilled about the continued partnership.
The Hurdles to Widespread Adoption of Blockchain Technology
While blockchain technology holds immense promise in a wide range of industries, one of the biggest hurdles to its widespread adoption is the knowledge gap that exists among potential users. The technical code and complex processes required to verify contracts and ensure safety when navigating web 3 can be intimidating to those who are not well-versed in the field.
However, it's worth considering that blockchain technology is still in its early stages, much like the internet was in its early days. Back then, the internet was only used by tech enthusiasts, and those who spent all their time on their computers were often made fun of. But as the industry matured, the internet became more accessible and user-friendly, eventually becoming a tool that is used by billions of people worldwide.
The same may happen with blockchain technology. With usability improvements and better accessibility, the user experience of blockchain will become much more user-friendly and accessible to the masses. To ensure the mass adoption of blockchain technology, certain guardrails need to be put in place. Issues such as custody must be addressed.
The security of the markets and protocols themselves is also a crucial consideration. Solving the custody issue and making the user experience of social recovery as simple and user-friendly as possible will be key in this regard.
The solution to the custody issue will likely require a trade-off between security and user-friendliness. To be accessible to everyone, it must be simple to understand and use, while still ensuring the safety of user assets.
Centralized exchanges could play a key role in this process, as they already have the infrastructure for know-your-customer (KYC) and anti-money laundering (AML) processes. A partnership between exchanges and device manufacturers to create a secure, multi-sig system could be a step in the right direction. This system could allow for shared custody, with one key stored on a secure device, and the other held by the exchange.
The Origins of Zellic
Zellic was derived from Z alloc, a low-level memory allocator, and stems from Stephen's background in vulnerability research. He gained extensive knowledge by hacking iPhones and compromising them remotely or locally.
This emphasizes the notion that if sufficient resources are dedicated to a target, it can become vulnerable to attack. When it comes to cryptocurrencies such as Ethereum, an attacker with sufficient funds could potentially compromise the network by acquiring a significant number of tokens.
The primary concern regarding critical infrastructure, such as banking on Ethereum, is the risk of a state-sponsored attack that could undermine the stability of western economies. Proof of Work (PoW) chains might be harder or more expensive to exploit than Proof of Stake (PoS) chains but if enough violence is applied and one is willing to get their hands dirty, the task can be achieved.
The Challenges of Centralized App Stores
Centralized app stores exercise monopolistic control by establishing arbitrary regulations and retaining a significant portion of in-app revenue. Sideloading offers a solution to conventional app installation, allowing developers to have the liberty to create and install apps as they see fit.
However, this approach poses risks such as malware, lack of quality control, and limited compatibility with various operating systems. As a result, apps developed through sideloading may not be of high quality, contain ads, or be unsafe.
Companies sometimes offer free products or services through these apps as a way to attract customers and convert them into paying ones, which can be seen in industries such as taxi and food delivery. However, it's important to keep in mind that these free services may have hidden costs and the customer may become the product.
ABOUT ZELLIC
Zellic is a smart contract auditing firm dedicated to helping businesses create and maintain secure, reliable contracts that adhere to best practices and industry standards.
Zellic works with industry leaders like Aptos Labs, Solana Foundation, LayerZero, SushiSwap, 1inch, Wormhole, Tortuga, Tsunami Finance and lots more. Zellic and Pontem Network have formed a strategic partnership to help ensure the security and reliability of our smart contracts and products.
ABOUT PONTEM
Pontem is a product development platform that enables global financial inclusion through blockchain technology. Pontem is developing infrastructure and decentralized tools for the fastest and most scalable Layer 1 blockchain – Aptos.
Pontem Wallet is a gateway to the Aptos ecosystem available for Chrome, Firefox, and iOS. Pontem Wallet users can send and receive tokens, connect to decentralized applications, and explore the Aptos ecosystem.