Ethereum developers had to shutter a highly anticipated app last week when two critical bugs provoked security concerns shortly after launch.
Armed with a countdown clock and a big vision, the Ethereum Name System (ENS) was perhaps one of the most-anticipated projects on the network to date – notable in that it was briefly launched on the main network and that development was led by Ethereum Foundation employees Nick Johnson and Alex Van de Sande.
Launched on the main network on Monday, the idea behind ENS is to offer a decentralized way to register domain names on top of ethereum.
Yet, soon after the app went live, bugs came to light – including one that would have allowed bidders to claims domain names without paying for them. After a second error was found the same day, the team decided to reel in the project, at least temporarily.
“We’ll back off, improve testing and validation, write a postmortem, and relaunch when ready,” Johnson tweeted.
Van de Sande, told CoinDesk:
”I felt like having the rocket on the launch pad and aborting the launch during the countdown. It’s frustrating, but much better than seeing it all blow up.”
While observers have noted that the bugs are evidence that ENS wasn’t yet ready for the main ethereum network, it’s worth noting that the team has been applauded for halting the project so quickly.
And no one lost money from the initial bids, Johnson said.
As many supporters argue, bugs are to be expected on any new platform.
However, in ethereum, code issues have proven uniquely hazardous, since its smart contracts are supposed to be ‘immutable’ (that is, they can’t be changed after the fact), including any and all errors.
The most notorious coding issue so far was ethereum’s biggest project, The DAO, which collapsed as a result last summer. There have been lesser-known bugs too, such as one in the programming language Solidity.
Developers have been treading more carefully since, working more vigorously on new security tools in the wake of The DAO, such as software that proves code is free of particular types of vulnerabilities.
It perhaps has to be asked, since ENS ran on ethereum’s testnet, Ropsten, for a period, why weren’t the bugs detected before launch?
“We did find and fix a few significant bugs on the testnet due to community feedback. I think it’s definitely the case that the extra attention of a launch can bring with it the increased chance of finding a bug, though,” Johnson told CoinDesk.
“It is said that in order for an air accident to happen, multiple errors have to happen in sequence,” Van de Sande said, implying that the spotting the errors was somewhat complex.
He further said that some of the code wasn’t tested on Ropsten, so these issues “were not in the testnet contract, they were introduced in code changes to the contract for issues found on the testnet”.
Others have argued that the launch of the main network saw higher traffic than in testing, which may have been why the bugs were found so quickly.
The ENS team indicated that it plans to unveil a more formal postmortem, a document outlining lessons learned, in the coming weeks.
Despite the rollback, the community’s tone has been generally supportive of the technical team since the event, though some have expressed concerns, even comparing the project’s failure to The DAO.
While not so much money was at stake this time round, issues in both projects were caused by errors in smart contract design.
One contributor to the project disagreed with comparisons to The DAO, however. Pseudonymous ENS contributor ‘Maurelian’ said that, for the domain project, the developers had used fail-safes aimed at preventing a similar disaster – including a smart contract that was partially centralized.
“One lesson of ‘TheDAO’ was that some degree of central control should be maintained over smart contracts, especially in the early years of nascent ethereum technology development,” the developer wrote.
Another developer, Taylor Van Orden from MyEthWallet, further warned against user complacency and trust in ethereum developers, saying:
“Any time you trust someone to do something or expect something to go a certain way, based solely on their affiliation with a brand or past reputation, you’re going to have a bad time.”
Going forward, the plan is to relaunch the project once the team is confident the bugs are fixed.
When asked whether ENS is still a viable project, Johnson said that he believes so.
He said:
“Yes, absolutely. It’s worth noting that the bugs were in the registrar – the component that lets users register new domains. The ENS registry itself hasn’t had any major bug findings. For the registrar, I feel we can improve it to the point we’re confident in its security.”
Van de Sande added that the developers plan to proceed more cautiously next time.
“We’re now considering how to make the launch even more low profile,” he said. This might even mean initially limiting the domain names available for purchase, in case something goes wrong.
Despite the setbacks, however, ethereum users seem to be still eagerly anticipating the app’s relaunch.
Aragon, a platform that helps companies craft their own DAOs, indicated it plans to incorporate ENS into its offering one day.
Ethereum Foundation developer Nick Johnson suggested the community won’t likely suffer serious delays before they can experience that ENS app.
He concluded:
“We’re optimistic the delay won’t be a long one.”
Red light image via Shutterstock