Agoric reached a major milestone with the launch of mainnet-1 on Thursday, October 27, 2022. 

Build Contracts with Our Composable Toolkit

Mainnet fulfills Agoric’s longtime vision of a JS framework for smart contracts. Take a moment to think back to JS in the 1990s, what it was like to build a web app back then, and contrast that experience with what the internet has become today. Because of the rise of frameworks, and the associated libraries of components, relative beginners can build today what few experts could build back then. That ease — that composability — is at the heart of Agoric’s mainnet-1 release. 

Mainnet-1 provides a rich JavaScript stack for composable smart contracts. Using our library of contracts and contract components — options, loans, a variety of auctions, AMMs, and more — many novel contracts can be built by composing and parameterizing well-vetted components. The first enabled smart contract, the Parity Stability Module (PSM) of the Inter Protocol, creates and trades IST, the Cosmos-native Inter Stable Token. Contracts benefit from offer safety, provided by Zoe, our smart contract framework. Via Zoe, contracts trade fungible, semi-fungible, and non-fungible assets using ERTP, the Electronic Rights Transfer Protocol. Each contract runs in a vat, approximately a persistent process. Hardened JavaScript provides security within each vat. The SwingSet kernel provides security between vats, including protection from reentrancy attacks. We briefly explain these elements below.

Let’s Talk About Cooperation

At its founding in 2018, Agoric set out to give people the ability to make cooperative agreements with other people whom they don’t necessarily trust — all without having to resort to the expensive expertise of lawyers, not to mention human judicial systems. 

A key thing about cooperation is that it requires informed consent. A contract should represent a meeting of the minds. But if one of the participants misunderstands the contract, they can be taken advantage of. If we merely replace the problem of understanding lawyer-written prose contracts with programmer-written code contracts, we have not yet made progress. No one can solve the full code understanding problem. But we can make progress the way software engineering has always made progress — by the discovery of safety properties.

In software engineering, each safety property takes a whole category of bugs off the table. Memory safety relieves JavaScript programmers from a whole class of bugs from languages like C. On top of that, object capabilities leverage modularity to compartmentalize risk. Offer Safety is a safety property we have discovered at the economic level: rather than signing messages to “send X assets to the contract,” market participants sign quid-pro-quo offers: “give X only if Y is provided in exchange” regardless of the details of the contract. Offer safety takes a whole category of risk off the table. With offer safety guaranteed by Zoe, the residual risk from misunderstanding a contract can be much smaller.

Agoric is not launching in a vacuum. We’re excited to be part of the Cosmos community, where sovereign blockchains cooperate in peer-to-peer fashion, exchanging interchain assets over IBC (Inter Blockchain Communication protocol). BLD is the staking and governance token of Agoric, much like ATOM for the Cosmos Hub.

An Overview of the Agoric Stack

The same design principles reappear at each layer of our stack: Enable more cooperation with less risk, by limiting, subdividing, and composing fine-grain electronic rights.

The Hardened JavaScript library uses JavaScript to enforce that JavaScript code stay within the object-capability (ocap) subset of the language, providing strong security properties. In Hardened JavaScript, only an object reference provides the right to invoke the object it designates. Encapsulation and reference passing are thus a foundational theory of rights ownership and transfer.

Our contracts are based on the Zoe framework, which provides Offer Safety. Other smart contract platforms have users send their assets directly to contracts, making users completely reliant on those contracts. In the Agoric platform, assets are escrowed in Zoe, limiting risk. The PSM (Parity Stability Module) allows users to swap stable assets (approved by community governance) for the Cosmos-native IST stable token.
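A simplified model of the two checks applied to escrowed assets: offer safety as described above, and rights conservation as defined in the Least Authority quote further down this page. This is an added illustration in plain JavaScript, not Zoe's code or API; the function names, the seat and proposal shapes, the placeholder brand `STABLE` and all amounts are constructed assumptions.

```javascript
// Simplified model, not Zoe's implementation. Amounts are { brand: bigint } records.
const get = (amounts, brand) => amounts[brand] ?? 0n;

// True when `allocation` holds at least every amount listed in `required`.
const covers = (allocation, required) =>
  Object.entries(required).every(([brand, value]) => get(allocation, brand) >= value);

// Offer safety: a seat ends with everything it wanted, or with a full refund
// of everything it gave. Anything in between is rejected.
const isOfferSafe = (proposal, allocation) =>
  covers(allocation, proposal.want) || covers(allocation, proposal.give);

// Sum allocations per brand across all seats.
const totals = (allocations) => {
  const sum = {};
  for (const alloc of allocations) {
    for (const [brand, value] of Object.entries(alloc)) {
      sum[brand] = get(sum, brand) + value;
    }
  }
  return sum;
};

// Rights conservation: per brand, the total across all seats is unchanged.
const conservesRights = (before, after) => {
  const [a, b] = [totals(before), totals(after)];
  const brands = new Set([...Object.keys(a), ...Object.keys(b)]);
  return [...brands].every((brand) => get(a, brand) === get(b, brand));
};

// A reallocation is accepted only if both properties hold.
const checkReallocation = (seats, proposed) =>
  conservesRights(seats.map((s) => s.allocation), proposed) &&
  seats.every((s, i) => isOfferSafe(s.proposal, proposed[i]));

// Constructed sample: a user gives 100 STABLE wanting at least 99 IST;
// the counterparty seat gives 100 IST wanting 100 STABLE.
const seats = [
  { proposal: { give: { STABLE: 100n }, want: { IST: 99n } }, allocation: { STABLE: 100n } },
  { proposal: { give: { IST: 100n }, want: { STABLE: 100n } }, allocation: { IST: 100n } },
];
const fairSwap = [{ IST: 100n }, { STABLE: 100n }];
const shortChange = [{ IST: 10n }, { STABLE: 100n, IST: 90n }]; // conserved, user gets neither
const inflation = [{ IST: 100n }, { STABLE: 100n, IST: 50n }]; // each seat safe, 50 IST from nowhere

console.log(checkReallocation(seats, fairSwap), checkReallocation(seats, shortChange),
  checkReallocation(seats, inflation));
```

The two rejected cases show why both checks are needed: `shortChange` conserves totals but leaves the user with neither their want nor their refund, while `inflation` satisfies every seat but changes the total supply.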

Each Zoe contract runs in its own persistent deterministic process, or vat. The SwingSet kernel enables objects in one vat to send asynchronous object messages to objects in other vats, extending the ocap security model between vats while protecting each vat from reentrancy attacks by the others. Mainnet-1 marks the first time that SwingSet has ever run in a production environment. 

The Zoe framework is based on the Electronic Rights Transfer Protocol (ERTP), which provides a standard way to create and exchange assets: fungible, semi-fungible, and non-fungible tokens, as well as assets composed from other components (as complex as you like). These are immediately tradable and composable. This upgrade includes an x/vbank Cosmos SDK module to reflect BLD, IST, and interchain assets as ERTP assets, as well as a smart wallet contract to execute Cosmos transactions containing Zoe offers.

The Inter Protocol MVP is the first step in the phased release of Inter Protocol, and with it comes a PSM user interface for minting $IST. Out of an abundance of caution, the full protocol will be released in stages and carefully reviewed, audited, and exercised between releases. We anticipate that future releases will enable Vaults & liquidation, Automated Market Maker (AMM), Reserve, and BLD Boost. 

Our own Smart Wallet (which interacts with Keplr and has unique connections to Zoe, ERTP, and the rest of the stack) is also part of this release.

Security Assessment

As there are many novel, cutting-edge primitives that provide safety and resilience throughout the Agoric stack, it has been crucial to seek out independent, experienced perspectives to challenge the security claims and assertions made by its architects, designers, and developers. 

In Q3 2021, Agoric kicked off a robust independent security assessment program to support the march toward production readiness and to clear the path for launch. 

Recently, the first round of security audit reports was published at agoric.com/security, and the findings of the audit teams (thus far) conclude that:

“Specifically, we attempted to violate rights conservation, which is the property that ensures that no funds are lost or gained upon seat reallocations. We also attempted to violate offer safety, which is the property that a user can always get either a full refund or the item that an offer is made on. Both properties are enforced in ZCF, and we did not identify instances where a smart contract is able to violate either.”

—Least Authority, ERTP + Zoe Smart Contract Platform Assessment, Q4 2021

“Overall, Atredis Partners found the architecture of Agoric’s kernel to be well designed from a security perspective, properly enforcing the interactions with the vats to ensure proper scoping and access restriction. The architectural design effectively enables enforcing access control through the kernel’s reference translation mechanisms… Atredis Partners would rate the tested components of Agoric’s platform as sound from a security perspective and well-aligned with modern secure development practices.”

—Atredis Partners, Swingset, the Agoric Kernel, Q2 2022.

“Overall, Atredis Partners found the Inter Protocol contracts to be well-thought out and well-documented. The Agoric platform relies heavily on object capabilities which has been carefully implemented throughout with no evidence to suggest any unintended exposure of sensitive object references to untrusted parties. Across all Inter protocol contracts, Atredis did not identify any issues which would undermine contract logic to benefit an attacker. This includes minting new assets, over collecting collateral, and arbitrary reward distributions… Atredis Partners would rate the tested components of Agoric’s platform as sound from a security perspective and well-aligned with modern secure development practices.”

—Atredis Partners, Inter Protocol Assessment, Q3 2022. 

It’s important to note that security is not binary, and managing risk in complex systems requires a systematic, comprehensive approach. Independent security assessments are an important part of the puzzle, but providing strong assurances about security requires more than just investing in audits alone. Since the kickoff of the security assessment program in 2021, Agoric has continued to build a set of robust security programs that cover Product Security, internal Purple Team reviews, coordinated vulnerability disclosure, and incident response to support the needs of both the Agoric ecosystem and Interchain. Keep up to date at agoric.com/security.

What’s Ahead

Today marks the second major step in Agoric’s mainnet. Mainnet-1 follows mainnet-0, which happened on November 1, 2021. On October 1, 2022, circulating supply was 43,670,064 BLD. Next week, on November 1, that number grows to 260,756,538 BLD. This week’s launch of Inter Protocol, along with the availability of IST, comes just in time to support this major liquidity moment on the network. (Keep up to date at agoric.com/economy.)

The tradeoff in Agoric’s phased mainnet releases is one between stability and leverage. Agoric maintains its focus on safety and on building strong, resilient architecture/mechanisms. You can always keep an eye on agoric.com/roadmap to see what’s ahead. 

Please feel free to forward. You can join the Agoric community on Discord, Twitter, Telegram, and LinkedIn, subscribe to this monthly newsletter and our Dev Commit newsletter, and catch us at upcoming events!