You are viewing a single comment's thread from:

RE: BitShares 2.0 is one of the most secure blockchain projects while Ripple is the least

in #blockchain8 years ago

I give you credit for responding and your point about false positives is valid. At the same time many people think the design of Ripple itself is flawed at a conceptual level, and think the XRP is too centralized.

While I do not know exactly what the Chinese CERT team used to determine their vulnerabilities I still report on it because whether they are practical or not it does indicate code quality. I would like to ask whether the Ripple development team relies on the practice of formal verification?

Formal verification could be very useful for critical components because then your engineers could offer a proof that the code cannot behave in certain ways. The main concern people have is that their money can somehow be lost or that there is some risk to their ability to transact. Formal verification might help resolve some of these worries even if it costs resources.

I agree with you that the Chinese CERT probably should have contacted Ripple privately or revealed more information. Politics may have been involved or maybe there was just not enough disclosure. I will say I'm not associated with their team and cannot read the language but I did look at the graph and stats. In your future responses please release the results of your audit which shows Ripple is secure so as to prevent this situation from happening again. If we can see Ripple is taking security seriously and trying to fix bugs it goes a long way.

Sort:  

It indicates code quality in some cases and not others. If used properly, yes, it can be used to measure code quality. But this report used it improperly in three major ways:

  1. They compared results numerically across different languages.
  2. They combined results in security critical code with results in non-critical code.
  3. They didn't survey a statistical sample of their results to determine how many of them reflected actual bugs.
    3 is the most important because if they had done this for Ripple, they would have discovered that all their results were false positives because Ripple uses this exact same technique to find actual issues.

Formal verification is not yet ready for real world use on systems as complex as the ones we're dealing with. We follow the research and there's certainly hope that it might be possible some day. We've particularly looked into formal verification of aspects of ILP's design (with some actual successes and some issues found that way) and with the mechanics of consensus and validation (with very limited success to date). Much more research is needed in this area before it will be practical on a larger scale.