Moving security in Aptos

For greater popularization of the project
The materials are taken from the off-medium project, and not all words may be added; the full link is here: Securing Move, by Aptos Labs and OtterSec | by Aptos | Aptos | Dec, 2022 | Medium

The Aptos Network uses the Move smart contract language as the underlying programming model. While Move is designed for an ecosystem of secure smart contracts, a faulty implementation of Move itself can jeopardize those properties. At Aptos Labs, we are committed to making Move as secure as possible, together with the community. We are investing both in tools for writing correct smart contracts (e.g. the Move Prover, developed predominantly by Aptos) and in the correctness of runtime core components like the Move Virtual Machine. In this article we describe how we, together with our partners, achieve the latter via auditing, bug bounties, fuzzing, and security hardening of the underlying implementation.

What are we securing?

  • Type safety: Each value has a unique and unforgeable type. For example, it is not possible to take some value of type address and turn it into a security-relevant token of type signer.

  • Modular encapsulation: Resources in storage can only be manipulated from code within modules that are declaring those resources. Only functions with matching visibilities can be called cross-module.

  • Ownership and lifetime: Move’s ability system enforces that a value is not copied, dropped, stored, or used as a key unless the corresponding ability is declared for the value type.

  • Reference safety: References do not outlive the values that they are pointing to. A mutable reference is exclusively owned, such that aliasing is not possible.

Redundancy

One way to achieve extra assurance of security is via redundancy. We added a so-called paranoid mode to the Move VM, which enforces type safety and the other rules mentioned above at execution time. While the bytecode verifier already checks such properties when the code enters the system, paranoid mode performs the same checks again during bytecode execution. The paranoid mode was extensively discussed within the Move community, with Aptos engineers leading the design. For more information see this PR (final version) and this PR (intermediate version).

What’s next?

At Aptos Labs, we are committed to making Move as secure as possible, and have invested heavily in this area. Here we described ongoing efforts around auditing, bug bounties, fuzzing, and hardening conducted by us and our partners. Moving forward, we plan to continue to invest in this space. We will continue to offer a bug bounty program, engage with reputable security auditors, and drive development of security hardening tools, e.g., fuzzing technology.

Article added specifically for Aptos by @boby_cat

15 Likes
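The redundancy idea from the "Redundancy" section, as an added example that is not from the article or the Move code base: a toy typed stack machine in Rust (the language the Move VM is written in) where a load-time verifier and a runtime "paranoid" check enforce the same type rule. All names (`Ty`, `Op`, `VmError`, `verify`, `execute`) and the `signer_check_bug` flag are hypothetical; the flag simulates a verifier defect to show what the second check catches.

```rust
// Toy typed stack machine, constructed for illustration; not Move VM code.
#[derive(Clone, Copy, Debug, PartialEq)]
enum Ty { U64, Address, Signer }
enum Op { PushU64(u64), PushAddress(u64), Add, RequireSigner }
#[derive(Debug, PartialEq)]
enum VmError { Verify(usize), Runtime { pc: usize, expected: Ty, found: Option<Ty> } }
// Load-time check over abstract types; `signer_check_bug` simulates a verifier bug.
fn verify(code: &[Op], signer_check_bug: bool) -> Result<(), VmError> {
    let mut tys = vec![Ty::Signer]; // the VM, not the bytecode, supplies the signer
    for (pc, op) in code.iter().enumerate() {
        let ok = match op {
            Op::PushU64(_) => { tys.push(Ty::U64); true }
            Op::PushAddress(_) => { tys.push(Ty::Address); true }
            Op::Add => tys.pop() == Some(Ty::U64) && tys.last() == Some(&Ty::U64),
            Op::RequireSigner => { let t = tys.pop(); signer_check_bug || t == Some(Ty::Signer) }
        };
        if !ok { return Err(VmError::Verify(pc)); }
    }
    Ok(())
}

// Pop one operand; paranoid mode checks its runtime type tag a second time.
fn pop(s: &mut Vec<(Ty, u64)>, pc: usize, expected: Ty, paranoid: bool) -> Result<u64, VmError> {
    match s.pop() {
        Some((ty, v)) if !paranoid || ty == expected => Ok(v),
        other => Err(VmError::Runtime { pc, expected, found: other.map(|(t, _)| t) }),
    }
}

// Run the code; return every value the machine accepted as a signer.
fn execute(code: &[Op], sender: u64, paranoid: bool) -> Result<Vec<u64>, VmError> {
    let (mut s, mut accepted) = (vec![(Ty::Signer, sender)], Vec::new());
    for (pc, op) in code.iter().enumerate() {
        match *op {
            Op::PushU64(v) => s.push((Ty::U64, v)),
            Op::PushAddress(v) => s.push((Ty::Address, v)),
            Op::Add => {
                let (b, a) = (pop(&mut s, pc, Ty::U64, paranoid)?, pop(&mut s, pc, Ty::U64, paranoid)?);
                s.push((Ty::U64, a.wrapping_add(b)));
            }
            Op::RequireSigner => accepted.push(pop(&mut s, pc, Ty::Signer, paranoid)?),
        }
    }
    Ok(accepted)
}

fn main() { // constructed input: an address sits where a signer is required
    println!("{:?}", execute(&[Op::PushAddress(0xBAD), Op::RequireSigner], 0x1, true));
}
```

With the simulated verifier bug and paranoid mode off, the constructed program gets an address accepted as a signer; with paranoid mode on, the same program stops at the offending instruction.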

Just saw the full article on Medium, and I am glad that the team is making real progress and efforts to turn the ecosystem into ‘the safest’

6 Likes

I believe in the Aptos project because the Aptos Network uses the Move smart contract language as the underlying programming model

5 Likes

That’s just great!

18 Likes

Yeah, Aptos is a Gem indeed. Buidling is the key.

3 Likes

Yes, Aptos is safe

4 Likes

That’s just great!

2 Likes

I think it will succeed

3 Likes

Move is strong, I think it will succeed

5 Likes

Me too! It should have a good result! :+1:

5 Likes