EU Smart Contract ‘Kill Switch’ Mandate Won’t Kill Crypto
On March 14, the European Parliament voted in favor of new data controls to be included in a broader bill designed to address data privacy without stifling innovation. A new clause in the bill known as the Data Act requires all smart contracts to include a “kill switch.”
In the IT world, administrators commonly use the kill switch mechanism to shut down a device, network, or software in the event of a security threat. In a smart contract framework, a kill switch can either destroy the contract or deploy a stop, fix, and reissue of the contract in the event of a major bug or violation.
Shahar Shamai is the CTO and co-founder of GK8a cryptographic self-custody platform.
While the intention of regulators was to give people more protection over their own personal information, the law raised concerns in the Web3 community. Some fear that a kill switch warrant will hamper the decentralization of smart contracts by giving one person or group of people the power to stop operations.
Others claim that this kill switch provision will lead to unavoidable security breaches.
Some people may recall an incident in August when decentralized exchange (DEX) OptiFi accidentally activated a kill switch on its mainnet, causing it to be permanently shut down and losing $661,000 worth of USDC stablecoin tokens. . Although this kill switch has not been used in a smart contract framework, it highlights the risks that classic kill switches create for crypto-related businesses and projects.
Many smart contracts can and do store value rather than simply representing ownership of assets located elsewhere. As such, activating a kill switch that actually destroys the smart contract would essentially erase all value held and should not be used. What’s the point of protecting consumers with a kill switch if you lose all the value stored in the smart contract?
I also share the concern to safeguard decentralization, in particular because decentralization is an essential safeguard of community assets. We have all seen cybercriminals focus on hotspots for hacking purposes because those hotspots give them access to more assets in one fell swoop.
See also: EU smart contract regulations included in Council Data Act
Nevertheless, it is important to keep some things in mind. First of all, some smart contracts already include some form of kill switch and many users probably don’t even know about it. Second, deploying such functionality in a smart contract has clear benefits, especially since there are ways to minimize centralization while maximizing security.
The form, application and function of a circuit breaker can vary widely depending on the industry and company, and even the type of device. For blockchain-based companies, projects and protocols operating in EU territory, perhaps the most important starting point is what kind of smart contract kill switches make the most sense? for users and regulators.
Kill or take a break? That is the question
The term “kill switch” immediately evokes a self-destruct button. But the language of the data law is currently vague. Instead of a self-destruct button, one could consider the alternative of a pause function. The pause feature, as opposed to a typical kill switch, will not completely erase the smart contract (and its value) as it can be reactivated.
For example, if a smart contract is compromised, the contract administrator can apply the pause functionality, which essentially freezes the smart contract. Once the situation has been rectified and stabilized, the resume functionality can be activated and resume the smart contract.
Pause functionality is not uncommon in the blockchain and crypto space. Tether, the maker of the main stablecoin USDT, also uses the pause function, as seen in the smart contract code on Etherscan.
Don’t compromise on decentralization or security
Compared to a conventional circuit breaker mechanism, the pause functionality represents better failsafe. Not only does it protect the network if caught in time, it also saves the contract – and its funds – by allowing it to resume operations.
To suspend the smart contract, code administrators must use the system’s private key. However, once a private key is used online, it becomes vulnerable to cyberattacks. In theory, access to this private key could give hackers administrative privileges over the entire contract and has serious implications for the immutability of smart contracts.
So how can smart contract administrators deploy pause functionality without jeopardizing the security of the entire smart contract?
The answer is surprisingly simple: use different keys. One that activates the pause feature and another that activates the resume feature. For added security, store these different keys offline. Separating the pause and resume keys and storing them in a truly offline manner strengthens the security of the smart contract and eliminates potential points of failure.
This method still raises questions about centralization in cryptographic applications. Achieving full decentralization may not be possible under the best circumstances and will be made even more difficult under EU rules.
However, the problems of centrally controlling mandatory kill switches can be greatly reduced through the use of a multi-signature trust protocol. In this scenario, emergency powers to hit the pause switch could be granted for immediate action (as in the case of a hack or glitch). The failover switch may require quorum approval.
This group of trusted parties or community members, having the power to activate the take-back feature, would ensure that no one person or entity has full control of a smart contract.
Another best practice is to change admin keys once a kill switch is used or reversed, because as soon as they are used they log in and therefore become vulnerable to cyberattacks.
See also: ‘No points’ to European Union crypto rules unless world follows suit, official says
The EU’s regulatory frameworks for data privacy, technology and cryptography have so far proven to be quite transparent and forward-looking, and over time the scope of this new “switch clause”. ‘stop’ will become apparent. In the meantime, smart contract developers would do well to do their due diligence on rolling out pause functionality.
By using the pause method, splitting the keys, and establishing a multi-signature resume button trust, smart contracts would not have to self-destruct in the event of a security breach, while enjoying greater security and limited centralization.
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.