DApps: Security Issues, Hacks, and Preventive Measures 


Decentralization in every walk of life is the new code of the upcoming era. DApps are set to change how we build and operate apps by combining data privacy with user ownership.

Let’s get into the details.

What are DApps?

DApps are decentralized applications that use a blockchain to process data over a distributed network and execute transactions. Unlike centralized apps, DApps are run by peer-to-peer networks.

Once a developer releases the codebase for a DApp, several applications can be built on top of it. There is no single authority, and hence no single point of failure, because the P2P network runs them.

DApps can be used to build many kinds of applications, such as web applications, games and entertainment, social media apps, etc.

Significant Characteristics Of DApp

Here are a few pointers on the key attributes of DApps.

  • They are open source and user-governed: any change or new addition is voted on before it is implemented.
  • Decentralization is the core aspect: all records are held in a publicly distributed ledger.
  • DApps use tokens native to the platform to reward users for participating in or mining the network.

News on DApps’ usage

According to reports by DAppRadar, the number of users engaging with decentralized applications is growing by 396% every year and now stands at 2.4 million.

Gaming DApps accounted for over 50% of that user activity in Q1 of 2022, and NFTs accounted for about $12 billion.

DApp Coding Security Issues

Having covered the overall idea of DApps, let us now look at some of the common technical errors associated with them.

Signature check: A verifier of the form “case _ => true” in the @Verifier function of a DApp blocks transfer transactions but lets every other transaction type through without any check.

{-# STDLIB_VERSION 3 #-}
{-# CONTENT_TYPE EXPRESSION #-}
{-# SCRIPT_TYPE ACCOUNT #-}

match (tx) {
	case t:TransferTransaction => false
	case _ => true # NEVER DO THIS!
}

With this code, anyone can submit any transaction other than a transfer on behalf of the account: they only need to put the account’s public key in the “senderPublicKey” field, and no signature is ever checked, because the verifier returns true for every non-transfer transaction.

{-# STDLIB_VERSION 3 #-}
{-# CONTENT_TYPE EXPRESSION #-}
{-# SCRIPT_TYPE ACCOUNT #-}

match (tx) {
	case t:TransferTransaction => false
	# every other transaction type must carry a valid signature from the account's own key
	case _ => sigVerify(tx.bodyBytes, tx.proofs[0], tx.senderPublicKey)
}

Therefore, it is crucial that the verifier actually checks the signature, so that the DApp is not exposed to this vulnerability.

Storage keys: DApp operations rely on the account’s key-value storage. A common mistake is to write a value under one key and then read it back under a different key. So, build keys carefully, through a single helper function that is used for both writing and reading.

let NONE = "NONE"

# Int must be converted explicitly: "voting_" + votingId does not compile in Ride
func keyVoteByAddress(votingId: Int, address: String) = "voting_" + votingId.toString() + "_vote_" + address

@Callable(i)
func vote(id: Int) = {
	# i.caller is an Address; toString() gives its base58 form
	let voteKey = keyVoteByAddress(id, i.caller.toString())
	# read with a default instead of failing on a missing key
	let vote = getString(this, voteKey).valueOrElse(NONE)

	# alternative option, same result without valueOrElse:
	# let vote = match getString(this, voteKey) {
	#     case s: String => s
	#     case _ => NONE
	# }

	if (vote == NONE) then ...
	else ...
}

Another mistake is to read a possibly missing value with value() or extract(), which fail when the key has never been written, instead of supplying a default as above.
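The following is an added example, not code from the blog, that puts the two points above together in one dApp script: a single key helper shared by the write path and the read path, a defaulted read instead of value()/extract(), and an explicit @Verifier so that no transaction type passes unsigned. It assumes Ride Standard Library v4 (the snippets above use v3), and the entry point names vote and readVote, the "yes"/"no" choices and the error messages are all made up for the illustration.

```ride
{-# STDLIB_VERSION 4 #-}
{-# CONTENT_TYPE DAPP #-}
{-# SCRIPT_TYPE ACCOUNT #-}

# Sentinel returned when a key has never been written.
let NONE = "NONE"

# Single source of truth for the storage key. The write in vote() and the
# read in readVote() both go through this function, so they cannot disagree.
# The Int is converted explicitly; "voting_" + votingId does not compile.
func keyVoteByAddress(votingId: Int, address: String) = {
    "voting_" + votingId.toString() + "_vote_" + address
}

# Defaulted read: never value()/extract() on a key that may be absent.
func readVote(votingId: Int, address: String) = {
    getString(this, keyVoteByAddress(votingId, address)).valueOrElse(NONE)
}

# Hypothetical entry point: one vote per address per voting id.
@Callable(i)
func vote(id: Int, choice: String) = {
    let voter = i.caller.toString()
    let voteKey = keyVoteByAddress(id, voter)
    if (readVote(id, voter) != NONE)
        then throw("address " + voter + " has already voted in voting " + id.toString())
    else if (choice != "yes" && choice != "no")
        then throw("choice must be yes or no")
    else [StringEntry(voteKey, choice)]
}

# Every transaction sent from this account, whatever its type, must carry a
# valid signature from the account's own key. There is no "case _ => true".
@Verifier(tx)
func verify() = {
    sigVerify(tx.bodyBytes, tx.proofs[0], tx.senderPublicKey)
}
```

A second invoke of vote from the same address with the same id is rejected by the readVote check rather than silently overwriting the first entry, and because both paths use keyVoteByAddress, renaming the key format later only has to be done in one place.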

Controlled transactions: DApp workflows often involve several interdependent transactions that must run in sequence. In such cases, use the “waitForTxWithNConfirmations” function to wait for the required number of confirmations after the first transaction is included in a block before sending the next one.

Generic Issues Concerned With DApps

Low liquidity level of DApps: Low liquidity on a decentralized application makes it difficult to buy or sell tokens at the expected price, causing slippage. Slippage is the difference between the expected and executed prices, and it can lead to a loss of funds.

Users can gauge the liquidity of an asset from its trading volume and make informed decisions before buying or selling a token.

Security breach or failure: DApps run on smart contracts, and contracts with bugs in their code are ideal targets for hackers. Under extreme market conditions or through code exploits, the devaluation or loss of funds held in a DApp becomes inevitable.

Having the code audited by a third-party firm goes a long way toward addressing this issue.

Phishing DApps: If the coding of a DApp is compromised, phishing links can be circulated on its official site. A user who clicks one unknowingly can have all the funds drained from their wallet.

Therefore, double-check URLs before sending funds from your wallet or entering wallet information.

Status Of DApp Hacks And Scams In 2022

The downside of DApps is that they are vulnerable to hacks. According to data published by DAppRadar, DApp scams alone accounted for a $1.2 billion loss.

Highlights of the major hack events include:

Ronin bridge hack: After gaining access to the validator nodes, the hacker was able to forge transactions on Axie Infinity’s Ronin bridge network, leading to a loss of $600 million.

Wormhole protocol: The hacker exploited a security flaw in the Wormhole protocol code, resulting in a $325 million loss.

Here’s How To Stay Secure And Preventive Methods To Adopt For DApp Security

Fixing security flaws solves the major part of the problem for DApps. There are a few ways to go about it.

  1. Take up auditing services: A thorough code analysis by an auditing firm like QuillAudits eliminates bugs at the source.
  2. Penetration testing: Penetration testing has the upper hand in finding hidden vulnerabilities, testing APIs and discovering new attack paths.

General Preventive Measures For DApp Security

  1. Keep the private seed phrase that gives access to the wallet’s funds secret.
  2. Verify the authenticity and legitimacy of the DApp website.
  3. Be wary of links or messages with grammatical errors.
