Accessing private data of other contracts from within the blockchain, in a BTCRelay-like way.

Me and Remco Bloemen are wondering...

One of the cornerstones of smart contracts is the split between private and public data.

But now, what prevents anyone from creating a mechanism similar to BTCRelay, but with ETH blocks, within Ethereum? A so called "ETHRelay" would contain a copy of headers of ETH Blocks, just like BTCRelay has copies of BTC blocks.

But instead of using it to verify transactions, one would use it to snoop on private variables.

Let's say that a smart contract Snoopy wants to guess what's in the private memory of Bob. He hires a relayer - Elvira, who is a script/person outside of the blockchain, and that relayer gives Snoopy all the memory of Bob, and all of the Bob's past function calls.

Then, Snoopy uses ETHRelay to verify the information in a similar way that contracts today can verify TXs with BTCRelay. If it checks out, Snoopy knows all the Bob's memory contents and he knows that without trusting Elvira or anyone else.

This would give contracts an option to read private data of any other contract in a trustless fashion. Allowing unlimited leeching into other contracts' data.

Essentially, if this approach is correct, we would have a new super-expensive VM function that would allow reading contents of memory of other contracts.

That can't be possibly true. Right?

What do you think?

Comments

  • KatatsukiKatatsuki Member Posts: 17
    I'm also interested in this. Say you make a lottery app that stores the winning number in a private variable. If there's a way for someone to read that variable, that's a very bad thing.

    Is it technically possible? If so, what would be the alternative?
  • kolinkokolinko Member Posts: 12
    It's always possible for someone outside the blockchain to read any variable, so a lottery app done this way is not a good idea.

    What our technique describes is a way of accessing private data from *within* the blockchain.

    For example, right now, BTCRelay's business model depends on contracts paying for verifyTX function to access it's private data. Our approach allows accessing BTCRelay's internal memory directly, without fees paid to BTCRelay.
Sign In or Register to comment.