EU Smart Contract “Kill Switch” Mandate Won’t Kill Crypto

On March 14, the European Parliament voted for new data controls to be included in a major bill designed to address data privacy without stifling innovation. A new clause in the bill known as the Data Act requires all smart contracts to include a “kill switch”.

In the IT world, administrators typically use the kill switch mechanism to shut down a device, network, or software in the event of a security threat. In a smart contract setting, a kill switch can either destroy the contract or deploy a stop, update, and re-release of the contract in the event of a major failure or breach.

Shahar Shamai is Chief Technology Officer and co-founder of GK8, a crypto self-custody platform.

While the intent of the regulators was to give people more protection over their own personal information, the move has raised concerns in the Web3 community. Some fear that a kill switch mandate will curb the decentralization of smart contracts by giving one person or group of people the power to shut down operations.

Others argue that this kill switch provision will lead to unavoidable security flaws.

Some people may remember an incident that occurred in August when decentralized exchange (DEX) OptiFi accidentally activated a kill switch on its mainnet, causing it to be permanently shut down and lose $661,000 worth of USDC stablecoin tokens. Although this kill switch was not used in a smart contract setting, it sheds light on the risks that classic kill switches create for crypto-related businesses and projects.

Many smart contracts can store value rather than simply representing ownership of assets located elsewhere. As such, activating a kill switch that actually destroys the smart contract will essentially wipe out all the value held, and should not be used. What’s the point of protecting consumers with a kill switch if you lose all the value stored in the smart contract?

I also share the concern for safeguarding decentralization, mostly because decentralization is a crucial safeguard for the community’s values. We have all witnessed cybercriminals zeroing in on centralization points for hacking purposes because these centralization points give them access to multiple assets in one fell swoop.

Nevertheless, it is important to remember a few things. First of all, some smart contracts already include some form of a kill switch, and many users probably don’t even know it. Second, there are clear advantages to deploying such functionality into a smart contract, especially considering that there are ways to minimize centralization while maximizing security.

A kill switch’s form, application and function can vary drastically depending on the industry and business, or even the type of device. For blockchain-based businesses, projects and protocols operating within EU territory, perhaps the most important place to start is what kind of smart contract breakers make the most sense for users and regulators.

The term “kill switch” immediately brings to mind a self-destruct button. But the language of the data act is currently vague. Instead of a self-destruct button, consider the option of a pause function. The pause functionality, unlike a classic kill switch, will not completely wipe out the smart contract (and its value) because it can be resumed.

For example, if a smart contract is compromised, the contract administrator can use the pause function, which essentially freezes the smart contract. After the situation is rectified and stabilized, the pause can be lifted and the smart contract resumed.

The pause functionality is not uncommon in the blockchain and crypto space. Tether, the producer of leading stablecoin USDT, also uses the pause function, as shown in the smart contract’s code on Etherscan.

Compared to a classic kill switch mechanism, the pause function represents a better fail-safe. Not only does it protect the network if caught in time, it also saves the contract – and its funds – by enabling it to resume operations.

To pause the smart contract, code administrators must use the system’s private key. However, once a private key is used online, it becomes vulnerable to cyber attacks. In theory, access to this private key could give hackers administrative rights to the entire contract and have serious implications for the immutability of smart contracts.

So how can smart contract administrators implement a pause feature without jeopardizing the security of the entire smart contract?

The answer is surprisingly simple: use different keys, one that enables the pause functionality and another that enables the cancel (resume) functionality. For added security, store these keys offline. Separating the pause and cancel keys and storing both in a truly offline manner strengthens the security of the smart contract and eliminates potential points of failure.

This method still raises questions about centralization in crypto apps. Achieving full decentralization may not be possible under the best of circumstances, and will be even more difficult under EU rules.

However, the problems of centralized control over mandated kill switches can be greatly reduced by using a multi-signature authentication protocol. In this scenario, emergency powers to press the pause switch can be provided for immediate action (for example, in case of a hack or a bug), while lifting the pause may require quorum approval.

This group of trusted parties or community members, given the authority to enable the pause feature, will ensure that no individual or entity has complete control over a smart contract.
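As an added illustration (not code from the article, GK8 or Tether), here is a hypothetical Solidity contract that separates the two authorities described above: a single pauser address can halt the contract immediately, while resuming requires a quorum of guardian approvals, and the contract never self-destructs, so any value it holds stays in place. The contract and function names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Hypothetical example contract: emergency pause from one dedicated key,
// resume only with a quorum of guardian approvals. Nothing self-destructs;
// value stays in the contract while paused.
contract SeparatedPauseControl {
    address public pauser;                 // pause-only key, held offline until needed
    mapping(address => bool) public isGuardian;
    uint256 public immutable quorum;       // guardian approvals required to resume
    bool public paused;
    uint256 public resumeRound;            // bumped on each resume so old approvals expire
    mapping(uint256 => mapping(address => bool)) public approved;
    mapping(uint256 => uint256) public approvalCount;
    mapping(address => uint256) public balances;
    event Paused(address indexed by);
    event Resumed(uint256 indexed round);
    modifier whenNotPaused() { require(!paused, "contract is paused"); _; }
    constructor(address _pauser, address[] memory guardians, uint256 _quorum) {
        require(_quorum > 0 && _quorum <= guardians.length, "bad quorum");
        pauser = _pauser;
        quorum = _quorum;
        for (uint256 i = 0; i < guardians.length; i++) isGuardian[guardians[i]] = true;
    }
    // Emergency stop: a single key, immediate effect, no quorum needed.
    function pause() external {
        require(msg.sender == pauser, "not pauser");
        paused = true;
        emit Paused(msg.sender);
    }
    // Resume: each guardian approves once per round; the quorum-th approval unpauses.
    function approveResume() external {
        require(paused && isGuardian[msg.sender], "not paused or not guardian");
        require(!approved[resumeRound][msg.sender], "already approved");
        approved[resumeRound][msg.sender] = true;
        if (++approvalCount[resumeRound] >= quorum) {
            paused = false;
            emit Resumed(resumeRound);
            resumeRound++;                 // invalidates this round's approvals for next time
        }
    }
    // Value-moving operations are blocked while paused, but the funds stay intact.
    function deposit() external payable whenNotPaused { balances[msg.sender] += msg.value; }
    function withdraw(uint256 amount) external whenNotPaused {
        require(balances[msg.sender] >= amount, "insufficient balance");
        balances[msg.sender] -= amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

In a real deployment the guardian set would typically be a multi-signature wallet or governance contract rather than plain externally owned accounts, and the pauser key would be rotated after use, as the article recommends.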

Another best practice is to change the admin keys when a kill switch is applied or reversed, because the moment they are applied, they go online and therefore become vulnerable to cyber attacks.

The EU’s privacy, technology and crypto regulations have so far proven to be quite transparent and forward-looking, and with time the scope of this new “kill switch clause” will become clear. In the meantime, developers with smart contracts would do well to do their due diligence regarding the deployment of the pause functionality.

By using the pause method, separating the keys, and establishing multi-signature authentication for the recovery button, smart contracts do not have to self-destruct in the event of a security breach, while gaining greater security with limited centralization.
