As the blockchain landscape continues to evolve, the search for groundbreaking platforms that address past vulnerabilities and pave new ways for development and interaction has never been more intense. Enter Fuel — not just another ride in the crypto amusement park.
As the first Optimistic rollup, Fuel is gearing up for its highly anticipated mainnet launch, promising not just excitement but unparalleled security and efficiency with the innovative use of Predicates.
Understanding the Vulnerabilities in Ethereum Smart Contracts
Throughout time, Ethereum has faced significant security challenges due to its design, namely:
-
Reentrancy Attacks: when a contract interacts with an external contract before updating its own state. Attackers can exploit this loophole to repeatedly withdraw funds, emptying the contract before it registers the changes.
The Dao Hack
The infamous DAO hack in 2016, which led to the loss of $60 million worth of Ether due to a reentrancy flaw, highlighted the importance of secure smart contract development and resulted in a hard fork creating Ethereum Classic and Ethereum.
-
Authorization Issues: result from the way permissions are managed within contracts, potentially leading to unauthorized access and manipulation. Relying on complex and resource-intensive security measures not only increases transaction costs but also introduces further vulnerabilities.
Both of these issues, distinct yet interrelated, arise from fundamental aspects of how Ethereum handles transaction permissions and state changes. Despite best practices and security tools introduced to mitigate such risks, managing state changes and external interactions safely remains a challenge for Solidity developers.
As Ethereum continues to develop, the pursuit of more foundational improvements has spurred the exploration of new solutions such as ERC-4337, offering a promising path forward by addressing deep-seated security issues and opening up new possibilities for blockchain applications.
The other solution are Predicates, introduced by FuelVM.
What is a Predicate?
Predicates offer a powerful new mechanism for authorizing transactions. Unlike ERC-4337, where transaction permissions are tied to private keys or custom logic in smart contracts deployed on-chain (that ultimately needs private keys), predicates manage transaction permissions off-chain without the need for private keys.
Predicates are created, not deployed.
In order to create a predicate, one must write a code and use the compiler to generate a hash code. The hash is deterministic and collision-resistant, meaning that it is computationally infeasible to find two different bytecodes that produce the same hash output.
For instance, this very simple predicate with a main function returning true or false…
predicate;
fn main() -> bool {
false
}
…will always have the following root address…
0x531b05021ee1ee564e6528cf6aaeb730a9adc5adc6a4e07b3c727f9fb9bf1460
Without deploying anything on the blockchain, the predicate already have an address that we can interact with, similarly to an Ethereum address. However, given that all operations are done off-chain, it's clear there are inherent differences to smart contracts.
Predicates
❌ Access data on chain
❌ Read data from smart contracts
❌ Check date or time
❌ Read block hash or number
✅ Read input coins
✅ Read output coins
✅ Read transaction scripts
✅ Read transaction bytecode
Contracts
✅ Access data on chain
✅ Read data from smart contracts
✅ Check date or time
✅ Read block hash or number
✅ Read input coins
✅ Read output coins
✅ Read transaction scripts
✅ Read transaction bytecode
Spending assets on a predicate
When a transaction is submitted to the blockchain to spend assets from a predicate address, the transaction must include the predicate bytecode. This bytecode must match the hash/address where the assets are stored. The predicate's main function then runs off-chain to determine if the transaction meets the predefined conditions. If the predicate returns true, the transaction is authorized, allowing the asset transfer to proceed.
For a transaction to be successful, it must fulfill the following requirements:
-
Bytecode Matching: The bytecode provided during the transaction must match the original bytecode that generated the predicate's hash address.
-
Condition Satisfaction: The conditions defined in the predicate’s bytecode must be met.
This process ensures that only authorized transactions are processed, making it both permissionless and flexible. By handling verification off-chain, predicates reduce the need for continuous on-chain interactions, thereby lowering transaction costs and minimizing vulnerabilities typically associated with smart contracts.
Advantages of Predicates over Traditional Smart Contracts
Predicates offer key advantages over traditional smart contracts, enhancing security, cost efficiency, and development simplicity.
Enhanced Security
By minimizing on-chain interactions, predicates reduce exposure to vulnerabilities like reentrancy attacks and authorization issues. Off-chain condition verification ensures that only legitimate transactions are processed, significantly enhancing blockchain security.
Cost Efficiency
Traditional smart contracts on Ethereum incur significant gas fees with each interaction, especially for complex operations. Predicates, which handle most logic off-chain, substantially reduce these costs. This cost efficiency makes blockchain technology more accessible and practical for a wider range of applications.
Simplified Development
Developing and deploying smart contracts can be complex and require rigorous security testing. Predicates simplify this process with a straightforward mechanism for transaction authorization. The deterministic nature of predicate hashes allows developers to predictably create and interact with these addresses without extensive on-chain deployments.
Case Study: Bako Safe and the Power of Predicates
Bako Safe, the native multisig wallet on the Fuel network, is a quintessential example of the power of predicates. By integrating them into its operational framework, Bako Safe allows multiple parties to manage assets collectively under vaults with strict conditions that ensure every transaction is secure and meets the agreed-upon criteria.
Like any other multisig, this not only enhances security but also builds trust among users, making it an ideal solution for businesses and groups looking to manage their digital assets efficiently. Traditionally, vaults in the multisig market are smart contracts deployed on the blockchain. This approach incurs vulnerabilities associated with smart contracts and deployment costs paid either by the user or the protocol.
In Bako Safe takes a different approach, creating vaults as predicates at no extra cost to either party, which enables more efficient models and a variety of use cases.
"Since integrating predicates into our operations, managing digital assets has become significantly more secure and efficient", says João Bolsoni, CEO of Bako. “This advancement opens up a myriad of new possibilities for our users. For instance, in the very basic level, we can offer infinite customizable multisig setups without a paymaster or the burden of gas fees, making it more feasible for enterprises to adopt more secure and granular asset management practices”, he continues.
For a comprehensive experience of Bako Safe's features, visit bako.global.
Fuel Your Crypto Journey
Fuel’s introduction of predicates marks a significant milestone in the evolution of blockchain technology, offering a unique and exhilarating blend of safety and efficiency. As the mainnet launch approaches, we grow in anticipation for the innovations and enhancements that the Fuel ecosystem will bring. With its groundbreaking technology and unmatched security and cost efficiency, Fuel provides the perfect ride to elevate your crypto experience.