Zero Hacks

2024/01/25 | Raphael Brauner

Zero-Hacks Cardano | Waffle Capital

It’s been two years since Decentralized Finance (DeFi) protocols started coming online on Cardano, and thus far, none of their smart contracts has suffered a hack at the blockchain level that has led to a loss of both user and protocol funds. This is in stark contrast to the other major DeFi ecosystems, which according to a recent report by auditing firm CertiK, have suffered losses of more than $291 million in 2023 as a result of code vulnerabilities.


Although Cardano is not immune to other common industry threats such as scams, phishing attacks and bridge hacks, its on-chain smart contracts have thus far consistently proved to be resistant to malicious attackers and exploits. Let’s explore one of the main reasons why.


UTXO (Unspent Transaction Output)

Cardano adapted the UTXO model used by Bitcoin and enhanced it for smart contracts. The UTXO model treats the outputs of transactions as individual units of currency, or “outputs”. Each output is locked and associated with a cryptographic key. Spending it requires proving ownership of that key.


Unlike an account model that tracks balances and the global state of the blockchain as a whole, the UTXO model tracks each output separately. This granularity enhances security by clearly showing where each coin came from and where it is going. Additionally, by requiring specific outputs to be referenced in each transaction, and that those outputs may only be spent once, it inherently prevents double-spending, a significant security advantage over the account model, which must constantly validate the current balance against transaction history.


An easy way to think of a UTXO transaction is to think of it as:


Transaction Input = Transaction Output - Transaction Fees


Validating a transaction can only return two possible results: True or False. If the above conditions are not met, then the transaction validation will return False, and thus will be ignored by the blockchain.


Zero-Hacks Cardano UTXO | Waffle Capital

In the example above, Alice wants to send 5 BTC to Bob. Alice uses her private key to sign and spend the UTXO with 10 BTC. The output of the ensuing transaction takes the form of new UTXOs; one for Bob who receives 5 BTC, and one for Alice who sends back change to herself minus the transaction fee.
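The Alice and Bob transfer can be modelled as a small ledger check. This is an added example, not code from the original post or from Bitcoin or Cardano: the `Output`, `Tx`, `validate` and `apply_tx` names are hypothetical, signatures are reduced to a set of signer names, and amounts are integers in units of 0.0001 BTC. It shows the True/False validation result, value preservation, and why a second spend of the same output is rejected.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Output:
    owner: str    # stand-in for the public key that locks the output
    amount: int   # integer units of 0.0001 BTC

@dataclass(frozen=True)
class Tx:
    tx_id: str
    inputs: tuple        # (tx_id, index) references to outputs being spent
    outputs: tuple       # new Output objects created by this transaction
    fee: int
    signers: frozenset   # stand-in for keys whose signatures verified

def validate(utxos: dict, tx: Tx) -> bool:
    """True only if every rule holds; never modifies the UTXO set."""
    if len(set(tx.inputs)) != len(tx.inputs):
        return False                      # same output referenced twice
    spent = [utxos.get(ref) for ref in tx.inputs]
    if not spent or any(o is None for o in spent):
        return False                      # unknown or already-spent output
    if any(o.owner not in tx.signers for o in spent):
        return False                      # no proof of ownership
    if tx.fee < 0 or any(o.amount <= 0 for o in tx.outputs):
        return False
    total_in = sum(o.amount for o in spent)
    return total_in == sum(o.amount for o in tx.outputs) + tx.fee

def apply_tx(utxos: dict, tx: Tx):
    """Return (new UTXO set, accepted). A rejected tx leaves the set unchanged."""
    if not validate(utxos, tx):
        return utxos, False
    new = {ref: o for ref, o in utxos.items() if ref not in tx.inputs}
    new.update({(tx.tx_id, i): o for i, o in enumerate(tx.outputs)})
    return new, True

def demo():
    # Constructed sample: Alice holds one 10 BTC output and pays Bob 5 BTC.
    ledger = {("genesis", 0): Output("alice", 100_000)}
    pay = Tx("tx1", (("genesis", 0),),
             (Output("bob", 50_000), Output("alice", 49_990)), 10,
             frozenset({"alice"}))
    ledger, first = apply_tx(ledger, pay)
    replay = Tx("tx2", (("genesis", 0),), (Output("alice", 99_990),), 10,
                frozenset({"alice"}))
    ledger, second = apply_tx(ledger, replay)   # same input again: rejected
    return first, second, ledger
```

Once `tx1` is applied, the original 10 BTC output no longer exists in the set, so the replayed spend fails at the lookup without any balance history being consulted.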


eUTXO (Extended UTXO)

In Cardano's eUTXO model, UTXOs can sit at, or “belong to”, a script (not just a user), which introduces complex logic through specific input conditions for spending these UTXOs. These conditions are defined by the context, datum, and redeemer. The scripts ensure every transaction adheres to a predefined set of rules, thereby enhancing the blockchain's security. The inclusion of context, datum, and redeemer allows for transactions that are secure and adaptable to specific conditions, significantly reducing vulnerability risks due to their tailored and precise nature.


Zero-Hacks Cardano eUTXO | Waffle Capital

In the example above, a user interacts with a smart contract by submitting a redeemer. That redeemer could be any piece of data that the smart contract requires to validate (a specific NFT, a specific stake address, etc.). If the script validates, the funds associated with it can be spent, and a transaction is created. We see the output of that transaction is a UTXO with the funds for the user, and a UTXO with a datum for the script, which dictates the condition, or what redeemer is needed, for that script to validate a future transaction. This is a very simple and high-level example, but helps to illustrate how smart contracts work on Cardano.


One of the key security features of Cardano’s eUTXO model is its deterministic nature. The outcome of transactions is predictable, in stark contrast to the non-deterministic nature of transactions in other networks. This predictability is crucial for auditors, as they can follow the logical flow from inputs to outputs, ensuring that all steps align with the intended transaction logic. This deterministic approach, combined with the explicit conditions in the scripts, makes Cardano's smart contracts inherently more secure and easier to audit.
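The datum, redeemer and context roles, and the determinism that auditors rely on, can be sketched as a pure function. This is an added example, not code from the original post and not Plutus or any project's contract: the "allowance" script, its address, and all type names are hypothetical, the locked output is passed alongside the context for brevity, and fees are ignored.

```python
from dataclasses import dataclass
from typing import Optional

SCRIPT = "script:allowance"   # hypothetical script address

@dataclass(frozen=True)
class Datum:
    beneficiary: str   # who may withdraw
    limit: int         # maximum amount withdrawable per transaction

@dataclass(frozen=True)
class TxOut:
    address: str
    value: int
    datum: Optional[Datum] = None

@dataclass(frozen=True)
class Context:         # the part of the spending transaction the script sees
    signatories: frozenset
    outputs: tuple

def validator(datum: Datum, redeemer: int, locked: TxOut, ctx: Context) -> bool:
    """Pure function: the result depends only on its arguments, so it can be
    evaluated off-chain before submission and gives the same answer on-chain."""
    if datum.beneficiary not in ctx.signatories:
        return False
    if not 0 < redeemer <= min(datum.limit, locked.value):
        return False
    back = [o for o in ctx.outputs if o.address == SCRIPT]
    # Exactly one continuing output: the remainder, under the unchanged datum.
    return (len(back) == 1
            and back[0].value == locked.value - redeemer
            and back[0].datum == datum)

def demo():
    # Constructed sample: 100 units locked, at most 40 per withdrawal.
    d = Datum("user1", 40)
    locked = TxOut(SCRIPT, 100, d)
    signed = frozenset({"user1"})
    good = Context(signed, (TxOut("user1", 30), TxOut(SCRIPT, 70, d)))
    no_remainder = Context(signed, (TxOut("user1", 100),))
    new_rules = Context(signed, (TxOut("user1", 30),
                                 TxOut(SCRIPT, 70, Datum("other", 40))))
    return [validator(d, 30, locked, c) for c in (good, no_remainder, new_rules)]
```

The two rejected cases are the checks an auditor looks for in a script of this shape: the remainder must return to the script, and the datum governing future spends must not be rewritten by the spender.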


Moreover, Cardano's approach to handling native tokens enhances its security framework. Unlike other blockchains that use smart contracts for token generation and ownership records, leading to complex permissions and potential vulnerabilities, Cardano treats every asset as native. The logic to use and spend native tokens is the same as for ADA. This simplifies transactions and reduces the risk of unauthorized access or control by smart contracts.


The isolation of smart contracts within individual transactions in the eUTXO model also plays a crucial role in security. It ensures that the failure or exploitation of one contract does not impact others, thus preventing systemic vulnerabilities. This isolation, coupled with the model’s inherent simplicity and predictability, leads to straightforward and less error-prone smart contracts.


Minswap Incident

There has only been one instance so far where a vulnerability in the on-chain smart contract could have led to loss of user funds. This was in March 2022, when the Minswap Decentralized Exchange (DEX) first launched its protocol. Having gone through a rigorous code audit, the Minswap team felt confident enough to open-source its on-chain smart contracts at launch. A vulnerability was found by the Wingriders team (another DEX built on Cardano), who promptly alerted the Minswap team. The latter were able to fix the issue without causing any loss of user funds.


Since then, no other vulnerability has been found on any Cardano smart contract that could have been exploited, including from Minswap. It is also worth mentioning that their incident happened in the very early days of the smart contract landscape.


Conclusion

Code safety from vulnerabilities and exploits is paramount to entice institutional and retail investors to adopt DeFi protocols and use them, because it generally inspires confidence to know that one’s assets are safe whilst interacting with smart contracts. As we have seen, the eUTXO model offered by Cardano provides predictability and determinism. Albeit initially challenging for developers to build using eUTXO, the proof is in the pudding when it comes to the Cardano ecosystem and its notable lack of hacks as a result of its on-chain smart contracts. Aside from one incident in which no user funds were lost, Cardano has a clean track record in this area, something that not many other ecosystems can boast.


Disclaimer: This post is intended solely for informational purposes. It is not designed to provide investment guidance or to endorse or solicit the purchase or sale of any investment. Furthermore, it should not be utilized as a basis for evaluating the benefits of any investment decision. This document is not a source for accounting, legal, or tax counsel, nor does it offer investment recommendations. The views expressed in this document represent those of the authors at this time and are not issued on behalf of Waffle Capital or its associates. Moreover, these opinions do not necessarily align with those of Waffle Capital, its affiliates, or personnel associated with Waffle Capital. The opinions herein are liable to alteration and may not be updated.