What is going on with Oyster Protocol?

in #cryptocurrency • 5 years ago

Hello Steemians! About 5 months ago, I wrote a walkthrough about a crypto project which I am very interested in. The project is Oyster Protocol. It uses the IOTA Tangle for storage and the Ethereum blockchain for incentivization, and it is the only project so far which leverages 2 different distributed ledger technologies for its network.

Unfortunately, the project recently ran into some trouble. One of the co-founders, Bruno Block, seemingly decided to pull out of the project and, along with it, executed an exit scam worth US$300,000. Bruno Block is an anonymous member of the Oyster Protocol project team; no one knows his identity. How did one anonymous individual manage to pull off a $300,000 exit scam, you might ask? The smart contract was coded by Bruno Block, and he included the ability to reopen the ICO function to create new Oyster Pearl tokens ($PRL). The newly minted tokens were then sent to Kucoin for sale. Before Kucoin and the Oyster Pearl team took notice, Bruno Block had already withdrawn $300,000 USD worth of cryptocurrencies. A more detailed breakdown of the incident can be found at this link.

Separately, a detailed statement from the Oyster Protocol project team can be found here. According to the statement, Bruno Block admitted that he is the culprit. The reason for his actions is his belief that the world financial system is going to collapse and that the cryptocurrency market is one big bubble as well. As a result, he needs all the money he can find to protect his family and prepare for the future.

At this point, I am still not 100% sure whether Bruno Block is the culprit or the victim. While all the evidence we have seems to point to Bruno Block being the culprit, the fact is he is just an anonymous character and can very well be a fictitious one as well. The conspiracy theorist side of me thinks that there is a possibility that the Oyster Protocol team, or part of the team, scammed the $300,000 and cooked up this cover story to shift the blame to a fictitious character. I do not like to speculate and will wait till the dust has settled before I make further comments.

As for now, the Oyster Protocol project team will likely hard-fork the Oyster Protocol network and introduce another token for existing token holders to swap to at a later date. While this is not the end of the project, the entire saga is certainly going to slow the progress of the project by at least a few months.


Smart Contract Security

While smart contracts, specifically those on the Ethereum blockchain, are immutable, that does not make them secure. There can still be logic errors that result in security flaws. Taking the Oyster Protocol saga as an example, does it make logical sense for a token smart contract to have a function to reopen the ICO after the ICO date and hard cap? This is a logic flaw which should have been caught via smart contract audits.

In the case of Oyster Pearl, the team actually did some due diligence by getting the contract scanned by Quantstamp Demo. However, the demo seems to scan for technical vulnerabilities and not logic flaws. Having done application penetration tests for quite a number of clients before, I understand that logic flaws are not easily caught by simple code scans. Sometimes, such flaws can only be found manually through an expert's eyes, but in the case of Oyster Protocol, I think it should be quite easy for scanners to pick up.
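To illustrate the kind of logic check discussed above, here is an added example (not code from this post, from Oyster Protocol or from Quantstamp): a small audit heuristic that reports any boolean flag which gates a supply-increasing function and can be set back after being closed. The Solidity sample and its names (`ToyToken`, `saleEnded`, `endSale`, `reopenSale`, `onlyOwner`) are constructed for illustration, and the regex matching is an assumption that stands in for a real Solidity parser.

```python
import re

# Constructed sample, NOT the Oyster Pearl contract: a token sale whose
# "ended" flag can be cleared again by a privileged account.
SAMPLE = """
contract ToyToken {
    bool public saleEnded = false;
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    function endSale() public onlyOwner { saleEnded = true; }
    function reopenSale() public onlyOwner { saleEnded = false; }

    function () public payable {
        require(!saleEnded);
        uint256 amount = msg.value * 5000;
        totalSupply += amount;
        balanceOf[msg.sender] += amount;
    }
}
"""

FUNC = re.compile(r"\bfunction\b\s*(\w*)\s*\([^)]*\)([^{;]*)\{", re.S)

def functions(source):
    """Yield (name, header, body) per function, matching braces by depth."""
    for m in FUNC.finditer(source):
        depth, i = 1, m.end()
        while depth and i < len(source):
            depth += {"{": 1, "}": -1}.get(source[i], 0)
            i += 1
        yield m.group(1) or "<fallback>", m.group(2), source[m.end():i - 1]

def reversible_gates(source):
    """Return bool flags that guard a supply-increasing function yet are
    written both true and false, i.e. a closed sale that can be reopened."""
    writes, guards = {}, set()
    for name, _header, body in functions(source):
        for var, val in re.findall(r"\b(\w+)\s*=\s*(true|false)\s*;", body):
            writes.setdefault(var, {}).setdefault(val, []).append(name)
        if re.search(r"totalSupply\s*\+=", body):  # function mints tokens
            guards.update(re.findall(r"require\s*\(\s*!?\s*(\w+)\s*\)", body))
    # A safe "latch" is only ever written one way after deployment.
    return {v: w for v, w in writes.items() if v in guards and len(w) == 2}

if __name__ == "__main__":
    for flag, w in reversible_gates(SAMPLE).items():
        print(f"{flag}: set true in {w['true']}, set false in {w['false']}")
```

Removing the function that clears the flag makes the gate one-way, and the check then reports nothing for the same contract.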


Blue Protocol

Interestingly, the whole saga was first detected by Blue Protocol; they were the first to detect the unusual activities on the smart contract, and they rang the alarm bell to Oyster Protocol and Kucoin. Though Kucoin was relatively quick to respond and froze withdrawals as soon as they could, $300,000 was still stolen.

Through this incident, I got to learn about Blue Protocol. They aim to build a security layer on top of the Ethereum smart contracts by doing a few things:

  • Decentralized 2FA
  • Blacklisting/Whitelisting of addresses
  • Automated Smart Contract security scans
  • Establishing open smart contract security standards
  • Building security into smart contract development by providing SDKs

I quote,

The Blue Protocol allows for 2-factor authentication without a central party, internet-wide secured by the blockchain identification system, secure asset storage, smart contract analysis, blockchain analysis, address blacklisting and whitelisting, and anti-phishing capabilities.

So far, they have implemented a wallet like MetaMask which is available on Chrome and the SDKs will soon be released for public consumption. I have yet to try out the wallet and will probably try it out and write a post on my experience 😃.


Conclusion

When it comes to cryptocurrencies, or money in general, security is of utmost importance. What we really need is security-focused development in order to ensure our money is safe. Most people do not have the technical expertise to determine whether a smart contract is safe or not, and we have to rely on expert opinions. Building in security scans and having a set of security standards will be the way to go moving forward.

Let me know your thoughts on the Oyster Protocol incident. Were you affected, and what do you think is the true story behind it? What do you think is the state of security of smart contracts right now?

If you like what you read, do give me an upvote/follow. Thanks for reading!


So sorry to hear/read that there was a scammer amongst the parties in your project. That's quite a substantial amount. I guess there is not much you can do now, but to take that as a lesson learnt and to be more careful in future.

It's not my project and I am not directly affected as I do not hold any of those tokens. But it is still quite a pity to see a promising project getting into this kind of situation.
