- Hedera is enhancing its network security with the HSCS Security Model v2 for users and developers.
- The Hedera Smart Contract Service (HSCS) security model update adds complexity for users but more than makes up for it with secure and scalable API solutions and enhanced security.
The Hedera Smart Contract Service (HSCS) security model has undergone an upgrade. The network is moving from the old security model v1 to v2. This is in response to a security incident that occurred on March 09. As confirmed by the team, attackers exploited the Smart Contract Service code of the Hedera mainnet to transfer Hedera Token Service tokens held by victims’ accounts to their own accounts.
With the new upgrade, users and developers will enjoy greater security as well as secure and scalable API solutions. HSCS Security Model v1 had to balance the Hedera and EVM security models, leaving gaps that have now been addressed by providing greater clarity and additional protections for the network.
With new security model boundaries in place, the team summarized the new features as follows:
- Smart contracts can only change their own storage or the storage they were delegate called with.
- System smart contracts may not be delegate called, except from the Token proxy/facade flow, e.g. HIP 719. In such cases, HTS tokens are represented as smart contracts (see HIP 218) for common ERC methods.
- Smart contracts can change an EOA's storage only if the contract ID is contained in the EOA's key.
- Smart contracts can change an EOA's balance if they have been approved for a token allowance on a specific token held by the EOA.
HSCS will utilize a three-level approach to achieve a state change or value transfer. Executions must not break any of the rules on each level.
- Level 0: On the EVM security model, entities may only modify their own state and balance.
- Level 1: For EVM balance allowance interactions, transfer of and access to an account balance will follow the approvals of tested web3 interface standards.
- Level 2: Use of Hedera advanced security features may utilize contract-compatible authorization features such as ContractID keys.
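The rules and levels above can be read as an authorization check that runs before any state change or value transfer. The following is an added illustrative model, not Hedera's code: the `Entity` type, the function names, the sample IDs and the mapping of each rule to a level number are assumptions made for the example.

```python
from dataclasses import dataclass, field

@dataclass
class Entity:
    id: str
    kind: str = "contract"                              # "contract", "system" or "eoa"
    key_contract_ids: set = field(default_factory=set)  # contract IDs contained in an EOA's key
    allowances: dict = field(default_factory=dict)      # (token, spender id) -> approved amount

def may_delegatecall(target, token_proxy_flow=False):
    """System contracts may only be delegate called from the token proxy/facade flow."""
    return target.kind != "system" or token_proxy_flow

def storage_write_level(code, owner, delegate_caller=None):
    """Return the level that authorizes `code` to write `owner`'s storage, else None."""
    if owner.id == code.id:
        return 0    # its own storage
    if delegate_caller is not None and owner.id == delegate_caller.id:
        return 0    # storage it was delegate called with (treated as level 0 here)
    if owner.kind == "eoa" and code.id in owner.key_contract_ids:
        return 2    # contract ID is contained in the EOA's key
    return None     # no rule permits the write: reject

def debit_level(code, owner, token, amount):
    """Return the level that authorizes `code` to move `amount` of `token` out of `owner`."""
    if owner.id == code.id:
        return 0    # its own balance
    if owner.allowances.get((token, code.id), 0) >= amount:
        return 1    # covered by an approved token allowance
    return None     # no allowance for this token and spender: reject

# Constructed sample entities; the IDs are placeholders, not real accounts.
HTS = Entity("system-hts", kind="system")
DEX = Entity("contract-dex")
LIB = Entity("contract-lib")
ALICE = Entity("eoa-alice", kind="eoa", allowances={("TOKEN-A", "contract-dex"): 100})
BOB = Entity("eoa-bob", kind="eoa", key_contract_ids={"contract-dex"})

if __name__ == "__main__":
    print(debit_level(DEX, ALICE, "TOKEN-A", 100))   # allowance covers the amount
    print(debit_level(LIB, ALICE, "TOKEN-A", 1))     # no allowance for this contract
    print(storage_write_level(DEX, BOB))             # ContractID key present
    print(may_delegatecall(HTS))                     # system contract, no proxy flow
```

A contract that holds neither an allowance nor a place in the account's key gets `None` from both checks, which is the default-deny behaviour the v2 boundaries describe.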
The prompt response from the team is encouraging for users and developers. It is also worth noting that, as part of this exercise, the team examined its network for additional vulnerabilities that could result in an attack similar to the one witnessed in March, but found none.
The team admits that the changes impact user experience by requiring more complex steps, but says this is made up for by increased user and network security across the network.
Since the announcement, the Hedera native token HBAR has been performing positively. In the last 24 hours, the digital asset has gained nearly 5 percent and is exchanging for $0.04666 at the time of press. In the last 7 days, the asset is down by 2 percent.