Postconditions on Transactions - a Proposal by Arthur Breitman
Could postconditions on transactions be a solutIon to the problem of wallets getting hacked?
300 words, 2 minute read
Photo by Kaitlyn Baker / Unsplash
Picture the scene: You sign up for an airdrop, connect your wallet, sign a smart contract, and suddenly all your funds are gone. You just got hacked. Writing on Tezos Agora, Arthur Breitman proposes a possible solution: Postconditions on transactions.
Interacting with a smart contract can trigger all sorts of side effects, but attackers primarily care about one: take your assets - Arthur Breitman
Under Breitman’s proposal, a postcondition would be a line of code triggered after a transition on Tezos is completed, with the purpose of verifying that the transaction did not allow for assets to be changed or moved. Based on the information in the transaction receipt, the postcondition would either succeed or fail and if it failed, the transaction would be rolled back.
As Breitman points out, postconditions wouldn’t be a ‘silver bullet’ solution, since:
there are state changes user care about that might not be caught in the “default” post-conditions. For example, if you have an NFT for sale in a marketplace, a malicious website could trick you into lowering the asking price a lot, and that wouldn’t look like an asset changing hands. […]
Nonethless, it’s a unique feature that’s not available on any blockchain and that seems to solve a real pain point users are experiencing today.
Rather than relying on lists of verified trusted contracts and safe websites, upgrading Tezos to include provision for postconditions on contracts would remove the requirement for manual auditing of bad actors and would provide peace of mind for Tezos users when interacting with third parties.