Tornado.cash, an anonymization protocol based on Ethereum, has launched immutable smart contracts on its platform. In a press release published late last week, the protocol explained that it had launched its immutable contracts. Tornado, which ensures that Ethereum users can send money anonymously, explains that the new move will make its protocol unstoppable.
The Danger of Immutability
While the development does bring interesting factors, Tornado also explains that there are merits and demerits to achieving immutability.
On the one side, immutability should help improve decentralization on the blockchain and make it virtually impossible for the terms on a smart contract to change. However, this also leaves users vulnerable to bugs and threats.
The major problem with the concept of immutability is the fact that blockchains still aren’t perfect. Hackers get more sophisticated with time, and there’s a propensity for some inventive hackers to find some flaw in the Tornado.cash protocol.
However, with an immutable smart contract, the team behind the project will be unable to make changes to the smart contract’s code. Thus, anyone who finds a flaw and exploits it will have the unencumbered freedom to do as they please. Customers who deposit funds will quite literally be on their own.
No Going Back Now
Ethereum itself has seen some terrible smart contract protocol issues in the past. In 2016, the DAO – an automated venture capital fund and side code to the Ethereum Blockchain – got hacked. According to reports, the perpetrators were able to steal as much as $60 million in customer funds, and the smart contract worked as it should.
Speaking with industry news site Cointelegraph, Covertress, the founder of crypto mining platform Krypton, explained that the incident couldn’t be categorized as a “hack” because of the smart contract worked as it should. Instead, it was more of an exploit.
“Unless it does nothing and allows the funds to remain diverted, Ethereum will suffer a loss of credibility by effectively bailing out DAO investors and reversing what was billed as unstoppable code,” she clarified.
Bringing up a similar situation, crypto analyst David Gerard explained that an immutable smart contract protocol would be a “sitting duck for attackers,” as Tornado.cash will be unable to fix any security threats.
The problem could also backfire on Tornado, as it could mean that the team won’t be able to make updates to their protocol. tBTC, a decentralized Bitcoin-to-Ethereum bridge, recently shut down just after two days of operation due to a bug in its software code.
tBTC lasted on mainnet two days. Alas, it was born before it’s time.
Goodnight, sweet prince🌹
We’ve pulled the red lever, pausing deposits for the next 10 days, and are helping users drain funds. We’ll publish a full post-mortem when confirmed… and we will rise again.
— Matt Luongo (@mhluongo) May 18, 2020
The service had launched on May 16 via the Ethereum mainnet, but its engineers and software developers found a bug in its code. Despite multiple audits, they found that it was buggy, and quickly executed a temporary shutdown to fix it.
Tornado.cash won’t have that luxury anymore. If technology has taught us anything, it’s that you can never be too careful.